Enabling use of a shared secret key

Edit online

To enable the use of a shared secret key for an online peer domain that does not currently use one, issue the chrsrc command.

To enable the use of a shared secret key for an online peer domain that does not currently use one, issue the chrsrc command and specify the key type that you want to use:

chrsrc -c IBM.RSCTParameters CSSKType=key_type

For key_type, specify one of the valid key types:

CSSKTYPE_DES_MD5: DES encryption using a 56-bit key
CSSKTYPE_3DES_MD5: Triple DES encryption using a 168-bit key
CSSKTYPE_AES256_MD5: AES encryption using a 256-bit key

The key types are further described under the mkrpdomain command.

When the chrsrc command completes, a key value of the specified key type will be generated and propagated for use across the peer domain and the refresh interval for the key will be set to the default of one day (86400 seconds). Topology Services, Group Services, and RMC control messages will be signed for authentication using the shared secret key.

For more information about the chrsrc and mkrpdomain commands, see their online man pages or to Technical Reference: RSCT for AIX® and Technical Reference: RSCT for Multiplatforms guides.