policy.cfg File

Purpose

The policy.cfg file contains the attributes used when creating certificates, either when a user is created or when a certificate is added to the local LDAP repository.

Description

The policy.cfg file consists of four stanzas: newuser, storage, crl, and comm. These stanzas modify the behavior of certain system management commands. The mkuser command uses the newuser stanza. The certlink command uses the storage stanza. The certadd and certlink commands use the crl stanza.

Example

*******************************************************************************
* Example policy.cfg file

* newuser Stanza:
*
* cert            Specifies whether the mkuser command generates a certificate (new) or
*                 not (get) by default.
* ca              Specifies the CA used by the mkuser command when generating
*                 a certificate.
* version         Specifies the version number of the certificate to be created.
*                 The value 3 is the only supported value.
* tag             Specifies the auth_cert tag value used by the mkuser command when
*                 creating a user when cert = new.
* label           Specifies the private key label used by the mkuser command when
*                 generating a certificate.
* keystore        Specifies the keystore URI used by the mkuser command when generating
*                 a certificate.
* passwd          Specifies the keystore's password used by the mkuser command when
*                 generating a certificate.
* domain          Specifies the domain part of the certificate's subject alternate name
*                 email value used by the mkuser command when generating a
*                 certificate.
* validity        Specifies the certificate's validity period value used by the mkuser
*                 command when generating a certificate.
* algorithm       Specifies the public key algorithm used by the mkuser command when
*                 generating a certificate.
* keysize         Specifies the minimum encryption key size in bits used by the mkuser
*                 command when generating a certificate.
* keyusage        Specifies the certificate's key usage value used by the mkuser
*                 command when generating a certificate.
* subalturi       Specifies the certificate's subject alternate name URI value
*                 used by the mkuser command when generating a certificate.
*
* storage Stanza:
*
* replicate       Specifies whether the certlink command saves a copy of the certificate
*                 (yes) or just the link (no).
*
* crl Stanza:
*
* check           Specifies whether the certadd and certlink commands should check the
*                 CRL (yes) or not (no).
*
* comm Stanza:
*
* timeout         Specifies the timeout period in seconds when requesting certificate
*                 information using HTTP (e.g., retrieving CRLs).

newuser:
        cert = new
        ca = local
        passwd = pki
        version = "3"
        keysize = 1024
        keystore = test
        validity = 60

storage:
        replicate = no

crl:
        check = yes

comm:
        timeout = 10
* end of policy.cfg
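The following is an added example, not part of the original file documentation and not a tool shipped with the system. It parses the stanza format shown above (a stanza name followed by a colon, indented key = value lines beneath it, and comment lines beginning with *) and then reviews the parsed settings the way a defender auditing a PKI host would: it flags a keysize below 2048 bits, a version other than 3, a keystore password kept in the file, and CRL checking turned off. The parsing rules, the 2048-bit baseline, and the sample text are this example's own assumptions; the page itself documents only the attribute meanings.

```python
import re
from typing import Dict, List

# Constructed sample: the example policy.cfg from the page, with its comment
# lines and the quoted version value reproduced as shown.
SAMPLE_POLICY_CFG = """\
* Example policy.cfg file (constructed sample)
newuser:
        cert = new
        ca = local
        passwd = pki
        version = "3"
        keysize = 1024
        keystore = test
        validity = 60

storage:
        replicate = no

crl:
        check = yes

comm:
        timeout = 10
* end of policy.cfg
"""

STANZA_RE = re.compile(r"^(\w+):\s*$")          # e.g. "newuser:"
ATTR_RE = re.compile(r"^\s+(\w+)\s*=\s*(.*?)\s*$")  # e.g. "        cert = new"


def parse_policy_cfg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the stanza format into {stanza: {attribute: value}}.

    Assumed syntax (matches the page's example): a stanza is a name followed by
    a colon on its own line; attributes are indented ``key = value`` lines under
    it; lines whose first non-blank character is ``*`` are comments; a value
    wrapped in double quotes is unquoted, so ``version = "3"`` yields ``3``.
    """
    stanzas: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("*"):
            continue
        m = STANZA_RE.match(line)
        if m:
            current = m.group(1)
            stanzas.setdefault(current, {})
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            stanzas[current][key] = value
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return stanzas


def audit_policy(stanzas: Dict[str, Dict[str, str]]) -> List[str]:
    """Return review findings for the parsed policy.

    The 2048-bit key size baseline is this example's assumption; the other
    checks follow the attribute descriptions documented for policy.cfg.
    """
    findings: List[str] = []
    newuser = stanzas.get("newuser", {})
    crl = stanzas.get("crl", {})
    keysize = int(newuser.get("keysize", "0"))
    if keysize < 2048:
        findings.append(f"newuser.keysize={keysize}: below the 2048-bit review baseline")
    if newuser.get("version") != "3":
        findings.append("newuser.version is not 3, the only supported value")
    if "passwd" in newuser:
        findings.append("newuser.passwd keeps the keystore password in cleartext in policy.cfg")
    if crl.get("check", "no").lower() != "yes":
        findings.append("crl.check is not yes: certadd and certlink will not consult the CRL")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(parse_policy_cfg(SAMPLE_POLICY_CFG)):
        print(finding)
```

Run against the sample above, the audit reports two findings: the 1024-bit key size and the keystore password stored in the file. The parser raises on any line it cannot classify rather than silently skipping it, so an unexpected construct in a real file surfaces during review instead of being ignored.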

Files

/usr/lib/security/pki/policy.cfg