FIPS compliance ··························································································································································· 197

Password control configuration task list ····················································································································· 198

Configuring password control ···································································································································· 198

Enabling password control ································································································································· 198

Setting global password control parameters ···································································································· 199

Setting user group password control parameters ···························································································· 200

Setting local user password control parameters ······························································································ 201

Setting super password control parameters ····································································································· 201

Setting a local user password in interactive mode ·························································································· 202

Displaying and maintaining password control ········································································································· 202

Password control configuration example ·················································································································· 203

HABP configuration ················································································································································· 206

Introduction to HABP ···················································································································································· 206

Configuring HABP ························································································································································ 207

Configuring the HABP server ····························································································································· 207

Configuring an HABP client ······························································································································· 207

Displaying and maintaining HABP ····························································································································· 208

HABP configuration example ······································································································································ 208

Network requirements ········································································································································· 208

Configuration procedure ···································································································································· 209

Public key configuration ········································································································································· 211

Asymmetric key algorithm overview ·························································································································· 211

Basic concepts ····················································································································································· 211

Key algorithm types ············································································································································· 211

Asymmetric key algorithm applications ············································································································ 212

Configuring the local asymmetric key pair ··············································································································· 212

Creating an asymmetric key pair ······················································································································ 212

Displaying or exporting the local RSA or DSA host public key······································································ 213

Destroying an asymmetric key pair ··················································································································· 213

Configuring a remote host's public key ····················································································································· 214

Displaying and maintaining public keys ··················································································································· 215

Public key configuration examples ····························································································································· 215

Configuring a remote host's public key manually ··························································································· 215

Importing a remote host's public key from a public key file ··········································································· 217

PKI configuration ····················································································································································· 220

Introduction to PKI ························································································································································ 220

PKI overview ························································································································································ 220

PKI terms ······························································································································································· 220

Architecture of PKI ··············································································································································· 221

Applications of PKI ·············································································································································· 222

Operation of PKI ·················································································································································· 222

PKI configuration task list ············································································································································ 223

Configuring an entity DN ············································································································································ 223

Configuring a PKI domain ··········································································································································· 224

Submitting a PKI certificate request ···························································································································· 226

Submitting a certificate request in auto mode ·································································································· 226

Submitting a certificate request in manual mode ····························································································· 227

Retrieving a certificate manually ································································································································ 228

Configuring PKI certificate verification ······················································································································ 228

Destroying a local RSA key pair ································································································································ 230

Deleting a certificate ···················································································································································· 230

Configuring an access control policy ························································································································ 230