acct.cfg 文件
用途
acct.cfg 文件由 CA 节和 LDAP 节组成。 CA 节包含不适合公共可读 ca.cfg 文件的专用 CA 信息。 LDAP 节包含 LDAP 信息,例如 LDAP 管理名称和密码。
描述
对于 ca.cfg 文件中的每个 CA 节, acct.cfg 文件应包含等价的 CA 节,并且必须唯一地命名所有 CA 节。 另一方面,所有 LDAP 节都被命名为 LDAP。 出于此原因, CA 节不能命名为 LDAP。 此外,任何节都不能命名为 缺省值。 LDAP 节必须存在,并且必须至少存在一个名为 本地 的 CA 节。
示例
*******************************************************************************
* CA Stanzas:
*
* carefnum Specifies the CA's reference number used while communicating
* with the CA through CMP. This value must be the same value as
* the one that is specified while configuring the CA. (Required)
*
* capasswd Specifies the CA's password used while commuinicating with
* the CA. The length of the password must be at least 12
* characters long. This value must be the same value as the one
* that is specified while configuring the CA.(Required)
*
* rvrefnum Specifies the revocation reference number used for revoking
* a certificate
*
* rvpasswd Specifies the revocation password used for CMP. The length of
* the password must be at least 12 character long.
*
* keylabel Defines the name of the key label in the trusted keystore.
* (Required)
*
* keypasswd Defines the password of the trusted keystore. (Required)
*
* ldap Stanzas:
*
* ldappkiadmin Specifies the PKI LDAP administrator account name.
*
* ldappkiadmpwd Specifies the PKI LDAP administrator account password.
*
* ldapservers Specifies the LDAP server machine name or IP address.
*
* ldapsuffix Specifies the LDAP DN suffix for the root of the LDAP branch
* where the PKI data resides.
*
local:
carefnum = 12345678
capasswd = password1234
rvrefnum = 9999997
rvpasswd = password
keylabel = "Trusted Key"
keypasswd = somepassword
ldap:
ldappkiadmin = "cn=admin"
ldappkiadmpwd = password
ldapservers = myserver.mydomain.com
ldapsuffix = "ou=cert,cn=aixsecdb"
文件
/usr/lib/security/pki/acct.cfg