Bay Networks 5390 Administering page 434

Using Model 5390 Security
The syntax rules for the acp_keys file are:
• Any part of an IP address in the list can be specified with an asterisk (*).
• A backslash (\) is used to continue a line.
• Any ASCII character except spaces and tabs are valid encryption keys (keys are case
sensitive).
• Each key can contain a maximum of fifteen characters.
Model 5390 servers with no entries are assumed to have no key set. Because wild cards are valid,
some entries in the file may require an explicit "no key" declaration:
5390_01, 5390_02:
# 131.21 net Annexes have the same key except for 3 Annexes
131.21.*: Gub-Net
131.21.1.1: SpeciaL
131.21.2.1, 131.21.2.2:
In the following example, the first three entries specify insomniac-1 as the key for the Model 5390
server whose IP address is 132.245.6.15, no encryption for the Model 5390 server whose IP address
in 132.245.6.75, and Piano as the key for all other Model 5390 servers on the 132.245.6 subnet.
The last entry specifies gl12ch as the key for 5390_01, 5390_02, and 5390_03. Each acp_key
parameter for the Model 5390 servers listed in the example must be identical to the key included
in the acp_keys file.
132.245.6.15:insomniac-1
132.245.6.75:
132.245.6.*:Piano
5390_01,5390_02,5390_03:gl12ch
Changing the value of the acp_key parameter on any Model 5390 server requires the same change
to the acp_keys file on the security server. The recommended order for changing the ACP encryption
key on the Model 5390 is:
1
Edit the acp_keys file on all security server hosts.
2
Change the value of the acp_key parameter for all affected Model 5390 servers.
A15-14
seKret2
893-741-B