IBM Support

How can I access my EFS Keystore?

Question & Answer


Question

If my login password and EFS Keystore password do not match, how can I access my EFS Keystore?

Answer

If a user's password to log in to AIX is not the same as their EFS Keystore password, or if a user logs in via ssh, the keystore will not be automatically loaded into their environment.

A user in this instance will see this error if he tries to view the current keys:

$ efskeymgr -V
There is no key loaded in the current process.

An easy way to get the EFS keystore loaded is to start up a new shell and load the keystore in to it, using:

$ efskeymgr -o <cmd>

-o <cmd>
Opens the keystore and pushes the keys, then runs
the cmd command. The keys are discarded when the
command terminates.

The efskeymgr command will ask for your EFS Keystore password when you run this:

$ efskeymgr -o ksh
bob's EFS password:

Now check to see that your key is loaded into the current environment:

$ efskeymgr -V
List of keys loaded in the current process:
 Key #0:
     Kind ..................... User key
     Id   (uid / gid) ......... 204
     Type ..................... Private key
     Algorithm ................ RSA_1024
     Validity ................. Key is valid
     Fingerprint .............. b417df90:44455d7c:36d35d50:9feae7f5:b6304183

To exit this mode, simply type "exit" to get back to your original login shell.

[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"}],"Version":"6.1;7.1","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
17 June 2018

UID

isg3T1010717