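policy.cfg File
Purpose
The policy.cfg file contains attributes that are used during certificate creation when a user is created or a certificate is added to the local LDAP repository.
Description
The policy.cfg file consists of four stanzas: newuser, storage, crl, and comm. These stanzas modify the behavior of some system administration commands. The mkuser command uses the newuser stanza. The certlink command uses the storage stanza. The certadd and certlink commands use the comm and crl stanzas.
Examples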
*******************************************************************************
* Example policy.cfg file
* newuser Stanza:
*
* cert Specifies whether the mkuser command generates a certificate (new) or
* not (get) by default.
* ca Specifies the CA used by the mkuser command when generating
* a certificate.
* version Specifies the version number of the certificate to be created.
* The value 3 is the only supported value.
* tag Specifies the auth_cert tag value used by the mkuser command when
* creating a user when cert = new.
* label Specifies the private key label used by the mkuser command when
* generating a certificate.
* keystore Specifies the keystore URI used by the mkuser command when generating
* a certificate.
* passwd Specifies the keystore's password used by the mkuser command when
* generating a certificate.
* domain Specifies the domain part of the certificate's subject alternate name
* email value used by the mkuser command when generating a
* certificate.
* validity Specifies the certificate's validity period value used by the mkuser
* command when generating a certificate.
* algorithm Specifies the public key algorithm used by the mkuser command when
* generating a certificate.
* keysize Specifies the minimum encryption key size in bits used by the mkuser
* command when generating a certificate.
* keyusage Specifies the certificate's key usage value used by the mkuser
* command when generating a certificate.
* subalturi Specifies the certificate's subject alternate name URI value
* used by the mkuser command when generating a certificate.
*
* storage Stanza:
*
* replicate Specifies whether the certlink command saves a copy of the certificate
* (yes) or just the link (no).
*
* crl Stanza
*
* check Specifies whether the certadd and certlink commands should check the
* CRL (yes) or not (no).
*
* comm Stanza
*
* timeout Specifies the timeout period in seconds when requesting certificate
* information using HTTP (e.g., retrieving CRLs).
newuser:
cert = new
ca = local
passwd = pki
version = "3"
keysize = 1024
keystore = test
validity = 60
storage:
replicate = no
crl:
check = yes
comm:
timeout = 10
* end of policy.cfg
Files
/usr/lib/security/pki/policy.cfg
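Added example, not part of the original page or of AIX: a Python check that parses the stanza format shown in the example above and reports settings an administrator would want to review before mkuser, certadd, or certlink rely on them. The function names and the 2048-bit floor are assumptions chosen for illustration; the sample text is constructed from the values in the example.

```python
import re

# Constructed sample: attribute values taken from the example on this page.
SAMPLE = """\
* Example policy.cfg file
newuser:
passwd = pki
version = "3"
keysize = 1024
crl:
check = yes
comm:
timeout = 10
"""

MIN_KEYSIZE = 2048  # assumed local baseline, not a value from this page


def parse_policy(text):
    """Parse stanza-format text into {stanza: {attribute: value}}."""
    stanzas, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or comment
            continue
        header = re.fullmatch(r"(\w+):", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None:
            raise ValueError(f"line {lineno}: unexpected {raw!r}")
        current[key.strip()] = value.strip().strip('"')
    return stanzas


def audit(stanzas):
    """Return findings for settings that weaken certificate handling."""
    findings = []
    newuser = stanzas.get("newuser", {})
    if int(newuser.get("keysize", MIN_KEYSIZE)) < MIN_KEYSIZE:
        findings.append(f"newuser.keysize {newuser['keysize']} < {MIN_KEYSIZE}")
    if newuser.get("version", "3") != "3":
        findings.append("newuser.version: 3 is the only supported value")
    if "passwd" in newuser:
        findings.append("newuser.passwd: keystore password is readable in the file")
    if stanzas.get("crl", {}).get("check") == "no":
        findings.append("crl.check = no: certadd and certlink skip the CRL check")
    return findings
```

Run audit(parse_policy(open(path).read())) against a copy of the file; an empty list means none of the four conditions matched.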