Trusted Key Entry console

The Trusted Key Entry Console automatically loads on start up with a set of commonly used tasks. The console is shipped with several predefined console user names. Your first logon is with the console user name.

Most tasks require an additional logon to the TKE workstation crypto adapter. You log on with your TKE workstation crypto adapter profile. The profile is defined for your workstation when TKE is configured and customized.

At start up, you are logged in with the default user name TKEUSER. The user names determine the applications and utilities that can be run during the console session. The predefined console user names are:
  • TKEUSER -- default console user name.
  • ADMIN -- provides access to administrative functions, such as migration utilities, the code load utility, and the crypto adapter initialization utility.
  • AUDITOR -- provides access to audit functions, such as the Audit Configuration Utility, the Audit Record Upload Configuration Utility, and utilities to view and archive security logs.
  • SERVICE -- provides access to service functions, such as managing the console code level, setting the date and time, and saving upgrade data.

The ADMIN, AUDITOR, and SERVICE console user names require a password when logging on the console. The default TKEUSER console user name may optionally require a password. See Password protect console for more information.

Trusted Key Entry applications and utilities describes the applications and utilities available to each console user name.

After starting the TKE console, the initial Trusted Key Entry Console panel appears.
Figure 1. TKE Console - initial panel
TKE Console - initial panel
This initial panel provides access to applications and utilities that are available when you are using the default TKEUSER console user name.
  • Clicking Trusted Key Entry provides access to the main TKE window, the Smart Card Utility Program, the Cryptographic Node Management Utility, and other commonly used applications and utilities.
  • Clicking Service Management provides access to service functions, such as locking, shutting down, or restarting the console.
  • Clicking Status Bar displays the current status of the TKE Hardware.
When it is necessary to log on to the TKE console using a different user name, for example, ADMIN, AUDITOR or SERVICE, close this panel by clicking the X in the upper right corner. The Trusted Key Entry Console pre-login panel appears.
Figure 2. TKE Console - pre-login panel
TKE Console - pre-login panel

Clicking Launch the Trusted Key Entry Console web application, starts a console session using the default TKEUSER console user name. It returns you to the initial panel.

Clicking view the online help opens an IBM® help window. You can navigate to the help information for the TKE panels.

Clicking Privileged Mode Access displays a logon panel. You can log on as any of the following privileged mode access user IDs: AUDITOR, ADMIN, SERVICE.

Figure 3. Log on with other privileged mode access console user names
Log on with other console user names
Fill in the user name field with one of the following:
  • ADMIN - the default password is PASSWORD
  • AUDITOR - the default password is PASSWORD
  • SERVICE - the default password is SERVMODE
After logging on with the new user name, an initial panel appears. In the upper-right corner, to the left of the word Help, the privileged mode access id is displayed. This initial panel provides access to applications and utilities when you are using a console user name. It is identical to the TKEUSER initial panel with the same options:
  • Clicking Trusted Key Entry provides access to the applications and utilities available with the console user name you used to log on.
  • Clicking Service Management provides access to service functions available with the console user name you used to log on.
  • Clicking Status Bar displays the current status of the TKE Hardware.
Figure 4. Trusted Key Entry for ADMIN - categorized
Trusted Key Entry for ADMIN - categorized
The Trusted Key Entry console message bar can contain three types of status messages to the left of the word Help:
  • Privileged Mode Access ID is displayed if the console user is logged on as a privileged mode access user.
  • Crypto Adapter Logon ID is displayed when the user of a TKE application is logged on to the Crypto Adapter.
  • Smart Card Readers Locked By is displayed when a TKE application has a lock on the smart card readers.
Guideline: After you log in the first time, change the password with the Change Password task. See Change password.