acct.cfg File

Purpose

The acct.cfg file consists of CA stanzas and LDAP stanzas. The CA stanzas contain private CA information not suitable for the publicly readable ca.cfg file. LDAP stanzas contain LDAP information such as LDAP administrative names and passwords.

Description

For every CA stanza in the ca.cfg file, the acct.cfg file should contain an equivalently named CA stanza, and all CA stanzas must be uniquely named. All LDAP stanzas, on the other hand, are named ldap; for this reason, a CA stanza cannot be named ldap. Also, no stanza can be named default. An LDAP stanza must exist, and at least one CA stanza, named local, must exist.

Examples

*******************************************************************************
* CA Stanzas:
*

* carefnum        Specifies the CA's reference number used while communicating
*                 with the CA through CMP. This value must be the same value as
*                 the one that is specified while configuring the CA. (Required)
*
* capasswd        Specifies the CA's password used while communicating with
*                 the CA. The length of the password must be at least 12
*                 characters long. This value must be the same value as the one
*                 that is specified while configuring the CA. (Required)
*
* rvrefnum        Specifies the revocation reference number used for revoking
*                 a certificate.
*
* rvpasswd        Specifies the revocation password used for CMP. The length of
*                 the password must be at least 12 characters long.
*
* keylabel        Defines the name of the key label in the trusted keystore.
*                 (Required)
*
* keypasswd       Defines the password of the trusted keystore. (Required)
*

* ldap Stanzas:
*
* ldappkiadmin    Specifies the PKI LDAP administrator account name.
*
* ldappkiadmpwd   Specifies the PKI LDAP administrator account password.
*
* ldapservers     Specifies the LDAP server machine name or IP address.
*
* ldapsuffix      Specifies the LDAP DN suffix for the root of the LDAP branch
*                 where the PKI data resides.
*

local:
      carefnum = 12345678
      capasswd = password1234
      rvrefnum = 9999997
      rvpasswd = password
      keylabel = "Trusted Key"
      keypasswd = somepassword

ldap:
      ldappkiadmin = "cn=admin"
      ldappkiadmpwd = password
      ldapservers = myserver.mydomain.com
      ldapsuffix = "ou=cert,cn=aixsecdb"
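
The stanza rules in the Description and the attribute comments above can be checked mechanically before the file is deployed. The following is an added example, not part of the original page or of the AIX product: the function names parse_stanzas and check_acct_cfg are hypothetical, the sample input is constructed, and the parser assumes only the layout shown in the Examples section (comment lines starting with *, a name: header, and key = value attributes).

```python
import re
REQUIRED_CA = ("carefnum", "capasswd", "keylabel", "keypasswd")  # marked (Required) above
MIN_LEN = {"capasswd": 12, "rvpasswd": 12}  # minimum password lengths stated above

def parse_stanzas(text):
    """Return [(stanza_name, {attribute: value})]; lines starting with '*' are comments."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        header = re.fullmatch(r"([^\s:=]+):", line)
        if header:
            stanzas.append((header.group(1), {}))
        elif "=" in line and stanzas:
            key, value = line.split("=", 1)
            stanzas[-1][1][key.strip()] = value.strip().strip('"')
    return stanzas

def check_acct_cfg(text):
    """Return findings for the stanza-naming and attribute rules described on this page."""
    stanzas = parse_stanzas(text)
    names = [name for name, _ in stanzas]
    findings = [msg for bad, msg in (
        ("ldap" not in names, "no ldap stanza"),
        ("local" not in names, "no CA stanza named local"),
        ("default" in names, "stanza named default is not allowed")) if bad]
    findings += [f"CA stanza name {n} is not unique"
                 for n in sorted(set(names)) if n != "ldap" and names.count(n) > 1]
    for name, attrs in stanzas:
        if name in ("ldap", "default"):
            continue  # the remaining checks apply to CA stanzas only
        findings += [f"{name}: missing required {k}" for k in REQUIRED_CA if not attrs.get(k)]
        findings += [f"{name}: {k} shorter than {m} characters"
                     for k, m in MIN_LEN.items() if k in attrs and len(attrs[k]) < m]
    return findings

# Constructed sample: rvpasswd is too short and keypasswd is missing.
SAMPLE = """\
local:
      carefnum = 12345678
      capasswd = password1234
      rvpasswd = password
      keylabel = "Trusted Key"
ldap:
      ldappkiadmin = "cn=admin"
"""

print("\n".join(check_acct_cfg(SAMPLE)))
```

The findings contain attribute names only, never the password values, so the output can be logged without exposing the secrets the file holds.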

File

/usr/lib/security/pki/acct.cfg