summaryrefslogtreecommitdiff
path: root/usr/src/man/man1/kmfcfg.1
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/man/man1/kmfcfg.1')
-rw-r--r--usr/src/man/man1/kmfcfg.183
1 files changed, 7 insertions, 76 deletions
diff --git a/usr/src/man/man1/kmfcfg.1 b/usr/src/man/man1/kmfcfg.1
index 5ff293370f..c42643c270 100644
--- a/usr/src/man/man1/kmfcfg.1
+++ b/usr/src/man/man1/kmfcfg.1
@@ -3,13 +3,13 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH kmfcfg 1 "3 Feb 2009" "SunOS 5.11" "User Commands"
+.TH KMFCFG 1 "Feb 3, 2009"
.SH NAME
kmfcfg \- Key Management Policy and Plugin Configuration Utility
.SH SYNOPSIS
.LP
.nf
-\fBkmfcfg\fR \fIsubcommand\fR [\fIoption\fR ...]
+\fBkmfcfg\fR \fIsubcommand\fR [\fIoption\fR ...]
.fi
.SH DESCRIPTION
@@ -33,7 +33,6 @@ information, install or uninstall a KMF plugin, and modify the plugin option.
The following subcommands are supported:
.sp
.ne 2
-.mk
.na
\fB\fBcreate\fR\fR
.ad
@@ -82,7 +81,6 @@ create [dbfile=\fIdbfile\fR] policy=\fIpolicyname\fR
The \fBcreate\fR subcommand supports the following options:
.sp
.ne 2
-.mk
.na
\fB\fBcrl-basefilename=\fR\fIfilename\fR\fR
.ad
@@ -112,7 +110,6 @@ file-based CRL plugins are \fBfile\fR and \fBpkcs11\fR keystores. For the
.sp
.ne 2
-.mk
.na
\fB\fBcrl-get-crl-uri=true | false\fR\fR
.ad
@@ -127,7 +124,6 @@ The default for this attribute is \fBfalse\fR.
.sp
.ne 2
-.mk
.na
\fB\fBcrl-ignore-crl-date=true | false\fR\fR
.ad
@@ -141,7 +137,6 @@ The default for this attribute is \fBfalse\fR.
.sp
.ne 2
-.mk
.na
\fB\fBcrl-ignore-crl-sign=true | false\fR\fR
.ad
@@ -155,7 +150,6 @@ The default for this attribute is \fBfalse\fR.
.sp
.ne 2
-.mk
.na
\fB\fBcrl-proxy=\fR \fIURL\fR\fR
.ad
@@ -171,7 +165,6 @@ value is \fB8080\fR. An example \fBcrl-proxy\fR setting might be:
.sp
.ne 2
-.mk
.na
\fB\fBdbfile=\fR\fIdbfile\fR\fR
.ad
@@ -183,7 +176,6 @@ KMF policy database file \fB/etc/security/kmfpolicy.xml\fR.
.sp
.ne 2
-.mk
.na
\fB\fBekuoids=\fR\fIEKUOIDS\fR\fR
.ad
@@ -197,7 +189,6 @@ example, \fB1.2.3.4\fR. An example \fBekuoids\fR setting might be:
.sp
.ne 2
-.mk
.na
\fB\fBekunames=\fR\fIEKUNAMES\fR\fR
.ad
@@ -218,7 +209,6 @@ attribute is set, then the extended key usage checking is turned on.
.sp
.ne 2
-.mk
.na
\fB\fBignore-date=true | false\fR\fR
.ad
@@ -231,7 +221,6 @@ periods defined in the certificates when evaluating their validity.
.sp
.ne 2
-.mk
.na
\fB\fBignore-unknown-eku=true | false\fR\fR
.ad
@@ -244,7 +233,6 @@ in the Extended Key Usage extension.
.sp
.ne 2
-.mk
.na
\fB\fBignore-trust-anchor=true | false\fR\fR
.ad
@@ -258,7 +246,6 @@ validation.
.sp
.ne 2
-.mk
.na
\fB\fBkeyusage=\fR\fIKUVALUES\fR\fR
.ad
@@ -273,7 +260,6 @@ being defined. The list of values allowed are: \fBdigitalSignature\fR,
.sp
.ne 2
-.mk
.na
\fB\fBocsp-ignore-response-sign=true | false\fR\fR
.ad
@@ -285,7 +271,6 @@ not verified. This attribute value is default to \fBfalse\fR.
.sp
.ne 2
-.mk
.na
\fB\fBocsp-proxy=\fR\fIURL\fR\fR
.ad
@@ -298,7 +283,6 @@ the port number is not specified, the default value is 8080. An example
.sp
.ne 2
-.mk
.na
\fB\fBocsp-response-lifetime=\fR\fItimelimit\fR\fR
.ad
@@ -312,7 +296,6 @@ be:\fBocsp-response-lifetime=6-hour\fR.
.sp
.ne 2
-.mk
.na
\fB\fBocsp-responder-cert-name=\fR\fIIssuerDN\fR\fR
.ad
@@ -334,7 +317,6 @@ be provided.
.sp
.ne 2
-.mk
.na
\fB\fBocsp-responder=\fR\fIURL\fR\fR
.ad
@@ -346,7 +328,6 @@ example, \fBocsp-responder=http://ocsp.verisign.com/ocsp/status\fR
.sp
.ne 2
-.mk
.na
\fBo\fBcsp-use-cert-responder=true | fals\fRe\fR
.ad
@@ -358,7 +339,6 @@ itself if possible.
.sp
.ne 2
-.mk
.na
\fB\fBpolicy=\fR\fIpolicyname\fR\fR
.ad
@@ -369,7 +349,6 @@ The policy record to be created. \fIpolicyname\fR is required.
.sp
.ne 2
-.mk
.na
\fB\fBvalidity-adjusttime=\fR\fIadjusttime\fR\fR
.ad
@@ -396,7 +375,6 @@ is false.
.sp
.ne 2
-.mk
.na
\fB\fBdelete\fR\fR
.ad
@@ -417,12 +395,10 @@ delete [dbfile=\fIdbfile\fR] policy=\fIpolicyname\fR
The \fBdelete\fR subcommand supports the following options:
.sp
.ne 2
-.mk
.na
\fBdbfile=\fIdbfile\fR\fR
.ad
.RS 21n
-.rt
Read policy definitions from the indicated file. If \fIdbfile\fR is not
specified, , the default is the system KMF policy database file:
\fB/etc/security/kmfpolicy.xml\fR.
@@ -430,12 +406,10 @@ specified, , the default is the system KMF policy database file:
.sp
.ne 2
-.mk
.na
\fBpolicy=\fIpolicyname\fR\fR
.ad
.RS 21n
-.rt
The name of the policy to delete. \fIpolicyname\fR is required, if using the
system database.
.RE
@@ -444,7 +418,6 @@ system database.
.sp
.ne 2
-.mk
.na
\fB\fBexport\fR\fR
.ad
@@ -464,12 +437,10 @@ kmfcfg export policy=\fIpolicyname\fR outfile=\fInewdbfile\fR [dbfile=\fIdbfile\
The \fBexport\fR subcommand supports the following options:
.sp
.ne 2
-.mk
.na
\fBdbfile=\fIdbfile\fR\fR
.ad
.RS 24n
-.rt
The DB file where the exported policy is read. If \fIdbfile\fR is not
specified, the default is the system KMF policy database file:
\fB/etc/security/kmfpolicy.xml\fR.
@@ -477,23 +448,19 @@ specified, the default is the system KMF policy database file:
.sp
.ne 2
-.mk
.na
\fBoutfile=\fIoutputdbfile\fR\fR
.ad
.RS 24n
-.rt
The DB file where the exported policy is stored.
.RE
.sp
.ne 2
-.mk
.na
\fBpolicy=\fIpolicyname\fR\fR
.ad
.RS 24n
-.rt
The policy record to be exported.
.RE
@@ -501,7 +468,6 @@ The policy record to be exported.
.sp
.ne 2
-.mk
.na
\fB\fBhelp\fR\fR
.ad
@@ -522,7 +488,6 @@ help
.sp
.ne 2
-.mk
.na
\fB\fBimport\fR\fR
.ad
@@ -542,34 +507,28 @@ kmfcfg import policy=\fIpolicyname\fR infile=\fIinputdbfile\fR [dbfile=\fIdbfile
The \fBimport\fR subcommand supports the following options:
.sp
.ne 2
-.mk
.na
\fBpolicy=\fIpolicyname\fR\fR
.ad
.RS 22n
-.rt
The policy record to be imported.
.RE
.sp
.ne 2
-.mk
.na
\fBinfile=\fIinputdbfile\fR\fR
.ad
.RS 22n
-.rt
The DB file to read the policy from.
.RE
.sp
.ne 2
-.mk
.na
\fBdbfile=\fIoutdbfile\fR\fR
.ad
.RS 22n
-.rt
The DB file to add the new policy. If not specified, the default is the system
KMF policy database file \fB/etc/security/kmfpolicy.xml\fR.
.RE
@@ -578,7 +537,6 @@ KMF policy database file \fB/etc/security/kmfpolicy.xml\fR.
.sp
.ne 2
-.mk
.na
\fB\fBlist\fR\fR
.ad
@@ -599,24 +557,20 @@ list [dbfile=\fIdbfile\fR] [policy=\fIpolicyname\fR]
The \fBlist\fR subcommand supports the following options:
.sp
.ne 2
-.mk
.na
\fBdbfile=\fIdbfile\fR\fR
.ad
.RS 21n
-.rt
Reads policy definitions from the indicated file. If not specified, the default
is the system KMF policy database file \fB/etc/security/kmfpolicy.xml\fR.
.RE
.sp
.ne 2
-.mk
.na
\fBpolicy=\fIpolicyname\fR\fR
.ad
.RS 21n
-.rt
Only display policy definition for the named policy.
.RE
@@ -624,7 +578,6 @@ Only display policy definition for the named policy.
.sp
.ne 2
-.mk
.na
\fB\fBmodify\fR\fR
.ad
@@ -682,36 +635,30 @@ subcommand.
The \fBmodify\fR subcommand supports the following unique options:
.sp
.ne 2
-.mk
.na
\fB\fBcrl-none=true | false\fR\fR
.ad
.RS 30n
-.rt
If \fBcrl-none\fR is set to \fBtrue\fR, CRL checking is turned off. If this
attribute is set to \fBtrue\fR, other CRL attributes cannot be set.
.RE
.sp
.ne 2
-.mk
.na
\fBdfile=[\fIdbfile\fR]\fR
.ad
.RS 30n
-.rt
The database file to modify a policy. If not specified, the default is the
system KMF policy database file \fB/etc/security/kmfpolicy.xml\fR.
.RE
.sp
.ne 2
-.mk
.na
\fBeku-none=true | false\fR
.ad
.RS 30n
-.rt
If \fBeku-none\fR is set to \fBtrue\fR, extended key usage checking is turned
off. The extended key usage attributes, \fBekuname\fR and \fBekuoids\fR cannot
be set at the same time if \fBeku-none\fR is set to \fBtrue\fR.
@@ -719,12 +666,10 @@ be set at the same time if \fBeku-none\fR is set to \fBtrue\fR.
.sp
.ne 2
-.mk
.na
\fBkeyusage-none=true | false\fR
.ad
.RS 30n
-.rt
If \fBkeyusage-none\fR is set to true, key usage checking is turned off.
.sp
The \fBkeyusage\fR attribute cannot be set at the same time if this attribute
@@ -733,24 +678,20 @@ is set to \fBtrue\fR.
.sp
.ne 2
-.mk
.na
\fBocsp-none=true | false\fR
.ad
.RS 30n
-.rt
If \fBocsp-none\fR is set to true, OCSP checking is turned off. Any other OCSP
attribute is not set at the same time if this attribute is set to \fBtrue\fR.
.RE
.sp
.ne 2
-.mk
.na
\fBpolicy=\fIpolicyname\fR\fR
.ad
.RS 30n
-.rt
The name of the policy to modify. \fIpolicyname\fR is required.
The \fBdefault\fR policy in the system KMF policy database cannot be modified.
.RE
@@ -760,7 +701,6 @@ The \fBdefault\fR policy in the system KMF policy database cannot be modified.
.SS "Plugin Subcommands"
.sp
.ne 2
-.mk
.na
\fB\fBinstall keystore=\fR\fIkeystore_name\fR \fBmodulepath=\fR\fIpathname\fR\e
\fB[option=\fR\fIoption_str\fR\fB]\fR\fR
@@ -777,7 +717,6 @@ the calling program's instruction set architecture.
.sp
.ne 2
-.mk
.na
\fB\fBlist plugin\fR\fR
.ad
@@ -791,7 +730,6 @@ as described in the \fBSUBCOMMANDS\fR section.
.sp
.ne 2
-.mk
.na
\fB\fBmodify plugin keystore=\fR\fIkeystore_name\fR
\fBoption=\fR\fIoption_str\fR\fR
@@ -808,7 +746,6 @@ configuration as described in the \fBSUBCOMMANDS\fR section.
.sp
.ne 2
-.mk
.na
\fB\fBuninstall keystore=\fR\fIkeystore_name\fR\fR
.ad
@@ -842,30 +779,25 @@ ekuname=ipsecTunnel,ipsecUser
The following exit values are returned:
.sp
.ne 2
-.mk
.na
\fB\fB0\fR\fR
.ad
.RS 6n
-.rt
Successful completion.
.RE
.sp
.ne 2
-.mk
.na
\fB\fB>0\fR\fR
.ad
.RS 6n
-.rt
An error occurred.
.RE
.SH FILES
.sp
.ne 2
-.mk
.na
\fB\fB/etc/security/kmfpolicy.xml\fR\fR
.ad
@@ -882,13 +814,12 @@ See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
.TS
-tab() box;
-cw(2.75i) |cw(2.75i)
-lw(2.75i) |lw(2.75i)
-.
-ATTRIBUTE TYPEATTRIBUTE VALUE
+box;
+c | c
+l | l .
+ATTRIBUTE TYPE ATTRIBUTE VALUE
_
-Interface StabilityUncommitted
+Interface Stability Uncommitted
.TE
.SH SEE ALSO
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-04 20:04:13 +0000