AIX 6 Encrypted File System, Part 5: Group Management

2008-09-06 08:20:02 Source: WEB开发网
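When running in root guard mode, only the group administrator can generate a new group access key, deprecate a key, or delete deprecated keys.

Updating the access key to another group's keystore

When running in root guard mode, you can use the efskeymgr command to send the access key of a group keystore to another group's keystore, following the steps shown in Example 8 below:

Run the efskeymgr command twice to display the contents of the group keystores of group1 and group2.

As the efskeymgr -v command shows, user3 is a member of group2.

root uses the efskeymgr -s command to send the access key of group1 to the group2 keystore.

The efskeymgr -v -k group/group2 command shows that the group2 keystore now contains the access key to the group1 keystore.

The contents of the user3 keystore are unchanged, because no additional access was granted directly to that user.

When the user3 keystore is reopened with the efskeymgr -o ksh command, the newly spawned shell also obtains the group access key of group1.

root uses the efskeymgr -S command to remove the access key of group1 from the group2 keystore.

The efskeymgr -v -k group/group2 command shows that the group2 keystore no longer contains the access key to the group1 keystore.

When the user3 keystore is reopened with the efskeymgr -o ksh command, the newly spawned shell no longer has the group1 access key.

Example 8. Sending the access key of one group keystore to another group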

# efskeymgr -v -k group/group1
Keystore content:
Keystore owner ............: gid 204
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:17:25
Private key:
Algorithm :RSA_1024
Fingerprint :53cd3824:7c9d508e:b825a253:f3209fcf:76f1766f
Validity :This key is valid.
# efskeymgr -v -k group/group2
Keystore content:
Keystore owner ............: gid 205
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:51:07
Private key:
Algorithm :RSA_1024
Fingerprint :61e6538d:343c8313:df807f20:ab02451e:734309ca
Validity :This key is valid.
$ id
uid=212(user3) gid=1(staff)
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 212
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:48:07
Private key:
Algorithm :RSA_1024
Fingerprint :1c9e287c:05a6b7b3:020ce4c5:0f578619:5c7ea3b6
Validity :This key is valid.
Access key to keystore group/group2
# efskeymgr -k group/group1 -s group/group2
# efskeymgr -v -k group/group2
Keystore content:
Keystore owner ............: gid 205
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:51:07
Private key:
Algorithm :RSA_1024
Fingerprint :61e6538d:343c8313:df807f20:ab02451e:734309ca
Validity :This key is valid.
Access key to keystore group/group1
$ id
uid=212(user3) gid=1(staff)
$ efskeymgr -v
Keystore content:
Keystore owner ............: uid 212
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:48:07
Private key:
Algorithm :RSA_1024
Fingerprint :1c9e287c:05a6b7b3:020ce4c5:0f578619:5c7ea3b6
Validity :This key is valid.
Access key to keystore group/group2
$ efskeymgr -V
List of keys loaded in the current process:
Key #0:
Kind .....................User key
Id (uid / gid) ......... 212
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
1c9e287c:05a6b7b3:020ce4c5:0f578619:5c7ea3b6
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 204
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
53cd3824:7c9d508e:b825a253:f3209fcf:76f1766f
Key #2:
Kind .....................Group key
Id (uid / gid) ......... 205
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
61e6538d:343c8313:df807f20:ab02451e:734309ca
# efskeymgr -k group/group2 -S group/group1
# efskeymgr -v -k group/group2
Keystore content:
Keystore owner ............: gid 205
Keystore mode .............: admin:managed by EFS administrator
Password changed last on ..: 05/13/07 at 13:51:07
Private key:
Algorithm :RSA_1024
Fingerprint :61e6538d:343c8313:df807f20:ab02451e:734309ca
Validity :This key is valid.
$ id
uid=212(user3) gid=1(staff)
$ efskeymgr -o ksh
$ efskeymgr -V
List of keys loaded in the current process:
Key #0:
Kind .....................User key
Id (uid / gid) ......... 212
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
1c9e287c:05a6b7b3:020ce4c5:0f578619:5c7ea3b6
Key #1:
Kind .....................Group key
Id (uid / gid) ......... 205
Type .....................Private key
Algorithm ................RSA_1024
Validity .................Key is valid
Fingerprint ..............
61e6538d:343c8313:df807f20:ab02451e:734309ca
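
Example 8 shows that an access key placed in the group2 keystore reaches user3 without any change to the user3 keystore, so reviewing keystores one at a time misses the grant. The shell sketch below is an added example, not part of the original article: it follows the "Access key to keystore" lines across several efskeymgr -v dumps to list every keystore reachable from a starting one. The "## keystore <name>" marker lines and the user/user3 label are conventions of this example, and the sample input is constructed from Example 8.

```shell
#!/bin/sh
# Added example, not from the original article.
# Input (a convention of this example): the `efskeymgr -v` output of each
# keystore, each preceded by a marker line "## keystore <name>".

# Constructed sample, abbreviated from Example 8 after the -s step.
# The label user/user3 is this example's own name for user3's keystore.
sample_dump() {
cat <<'EOF'
## keystore user/user3
Keystore content:
Keystore owner ............: uid 212
Access key to keystore group/group2
## keystore group/group2
Keystore content:
Keystore owner ............: gid 205
Access key to keystore group/group1
## keystore group/group1
Keystore content:
Keystore owner ............: gid 204
EOF
}

# Print every keystore reachable from $1 by following
# "Access key to keystore" entries, with the keystore that grants it.
effective_keystores() {
  awk -v start="$1" '
    /^## keystore /           { cur = $3; next }
    /^Access key to keystore / { edges[cur] = edges[cur] " " $5 }
    END {
      queue[1] = start; head = 1; tail = 1; seen[start] = 1
      while (head <= tail) {            # breadth-first walk
        node = queue[head++]
        n = split(edges[node], targets, " ")
        for (i = 1; i <= n; i++) {
          k = targets[i]
          if (k in seen) continue       # already reported; also stops cycles
          seen[k] = 1
          queue[++tail] = k
          print k " (via " node ")"
        }
      }
    }'
}

sample_dump | effective_keystores user/user3
```

On the sample, group/group1 is reported via group/group2, which is the indirect grant that the efskeymgr -S step in Example 8 removes.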