The acct.cfg file consists of CA stanzas and LDAP stanzas. The CA stanzas contain private CA information not suitable for the publicly readable ca.cfg file. LDAP stanzas contain LDAP information such as LDAP administrative names and passwords.
For every CA stanza in the ca.cfg file, the acct.cfg file should contain an equivalently named CA stanza, and all CA stanzas must be uniquely named. All LDAP stanzas, on the other hand, are named ldap, so a CA stanza cannot be named ldap. Also, no stanza can be named default. An LDAP stanza must exist, and at least one CA stanza, named local, must exist.
*******************************************************************************
* CA Stanzas:
*
*   carefnum       Specifies the CA's reference number used while communicating
*                  with the CA through CMP. This value must be the same value as
*                  the one that is specified while configuring the CA. (Required)
*
*   capasswd       Specifies the CA's password used while communicating with
*                  the CA. The password must be at least 12 characters long.
*                  This value must be the same value as the one that is
*                  specified while configuring the CA. (Required)
*
*   rvrefnum       Specifies the revocation reference number used for revoking
*                  a certificate.
*
*   rvpasswd       Specifies the revocation password used for CMP. The password
*                  must be at least 12 characters long.
*
*   keylabel       Defines the name of the key label in the trusted keystore.
*                  (Required)
*
*   keypasswd      Defines the password of the trusted keystore. (Required)
*
* ldap Stanzas:
*
*   ldappkiadmin   Specifies the PKI LDAP administrator account name.
*
*   ldappkiadmpwd  Specifies the PKI LDAP administrator account password.
*
*   ldapservers    Specifies the LDAP server machine name or IP address.
*
*   ldapsuffix     Specifies the LDAP DN suffix for the root of the LDAP branch
*                  where the PKI data resides.
*
local:
        carefnum = 12345678
        capasswd = password1234
        rvrefnum = 9999997
        rvpasswd = password
        keylabel = "Trusted Key"
        keypasswd = somepassword

ldap:
        ldappkiadmin = "cn=admin"
        ldappkiadmpwd = password
        ldapservers = myserver.mydomain.com
        ldapsuffix = "ou=cert,cn=aixsecdb"
/usr/lib/security/pki/acct.cfg
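The stanza-naming, required-attribute and password-length rules described above can be checked mechanically before a file is put in place. The following Python script is an added example, not part of AIX or of the original page; the function names parse_stanzas and validate and the sample input are constructed for illustration.

```python
# Added example: names and sample input are illustrative, not taken from AIX.
CA_REQUIRED = ("carefnum", "capasswd", "keylabel", "keypasswd")
MIN_PW_LEN = 12  # minimum length stated for capasswd and rvpasswd

def parse_stanzas(text):
    """Return [(stanza_name, {attr: value}), ...] in file order."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):        # blank or comment line
            continue
        if line.endswith(":") and "=" not in line:  # stanza header
            stanzas.append((line[:-1].strip(), {}))
        elif "=" in line and stanzas:               # attr = value
            key, value = line.split("=", 1)
            stanzas[-1][1][key.strip()] = value.strip().strip('"')
    return stanzas

def validate(text):
    """Return a list of findings; an empty list means every rule holds."""
    stanzas = parse_stanzas(text)
    names = [name for name, _ in stanzas]
    findings, seen = [], set()
    for required in ("ldap", "local"):
        if required not in names:
            findings.append(f"missing required stanza: {required}")
    for name, attrs in stanzas:
        if name == "default":
            findings.append("stanza may not be named default")
        if name in ("ldap", "default"):             # only CA stanzas below
            continue
        if name in seen:
            findings.append(f"{name}: duplicate CA stanza name")
        seen.add(name)
        findings += [f"{name}: missing required {k}" for k in CA_REQUIRED if not attrs.get(k)]
        for key in ("capasswd", "rvpasswd"):
            if key in attrs and len(attrs[key]) < MIN_PW_LEN:
                findings.append(f"{name}: {key} is under {MIN_PW_LEN} characters")
    return findings

# Constructed input: a CA stanza with a short rvpasswd and no ldap stanza.
SAMPLE = """local:
    carefnum = 12345678
    capasswd = password1234
    rvpasswd = password
    keylabel = "Trusted Key"
    keypasswd = somepassword
"""
if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```

Findings name the stanza and attribute only and never echo the password values, so the output is safe to send to a log.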