Provided by: opencryptoki_3.21.0+dfsg-0ubuntu1.1_amd64 bug

NAME

       pkcsicsf - configuration utility for the ICSF token

SYNOPSIS

       pkcsicsf  [-h]  [-l|-a token name] [-b BINDDN] [-c client-cert-file] [-C CA-cert-file] [-k
       privatekey] [-m mechanism] [-u URI]

DESCRIPTION

       The pkcsicsf utility lists available ICSF tokens and allows user to add one specific  ICSF
       token to opencryptoki.

       The  ICSF  token  must  be  added  first  to  opencryptoki.  This  creates an entry in the
       opencryptoki.conf file for the ICSF token. It also creates
        a token_name.conf configuration file in the same directory as the opencryptoki.conf file,
       containing ICSF specific information.  This information is read by the ICSF token.

       The ICSF token must bind and authenticate to an LDAP server.  The supported authentication
       mechanisms are simple and sasl.  One of these mechanisms must be entered when listing  the
       available ICSF tokens or when adding an ICSF token. Opencryptoki currently supports adding
       only one ICSF token.

       The system admin can either allow the ldap calls to utilize existing ldap configs, such as
       ldap.conf  or  .ldaprc  for  bind  and  authentication  information  or  set  the bind and
       authentication information within opencryptoki by using this utility and its options.  The
       information  will then be placed in the token_name.conf file to be used in the ldap calls.
       When using simple authentication, the user will be prompted for  the  racf  password  when
       listing or adding a token.

       The pkcsicsf utility must be run as root when adding an ICSF token to opencryptoki.

OPTIONS

       -a token name
                 add the specified ICSF token to opencryptoki.

       -b BINDND the distinguish name to bind when using simple authentication

       -c client-cert-file
                 the client certificate file when using SASL authentication

       -C CA-cert-file
                 the CA certificate file when using SASL authentication

       -h        show usage information

       -k privatekey
                 the client private key file when using SASL authentication

       -m mechanism
                 the authentication mechanism to use when binding to the LDAP server (this should
                 be either simple or sasl)

       -l        list available ICSF tokens

       -h        show usage information

FILES

       /etc/opencryptoki/opencryptoki.conf
              the opencryptoki config file containing token configuration information

       /etc/opencryptoki/token_name.conf
              contains ICSF configuration information for the ICSF token

SEE ALSO

       opencryptoki(7),
       pkcsslotd(8).
       pkcsconf(8).