Bay Networks 6300 Supplement Manual page 262

Chapter 15 Using RA 6300 Security
Remote Annex 6300 Supplement to the Remote Annex Administrator's Guide for UNIX
A-234
In the following example, the first three entries specify insomniac-1 as
the key for the RA 6300 whose IP address is 132.245.6.15, no encryption
for the RA 6300 whose IP address is 132.245.6.75, and Piano as the key
for all other RA 6300s on the 132.245.6 subnet. The last entry specifies
gl12ch as the key for annex01, annex02, and annex03. Each acp_key
parameter for the RA 6300s listed in the example must be identical to the
key included in the acp_keys file.
132.245.6.15:insomniac-1
132.245.6.75:
132.245.6.*:Piano
annex01,annex02,annex03:gl12ch
Changing the value of the acp_key parameter on any RA 6300 requires
the same change to the acp_keys file on the security server. The
recommended order for changing the ACP encryption key on an RA 6300
is:
1. Edit the acp_keys file on all security server hosts.
2. Change the value of the acp_key parameter for all affected
RA 6300s.
3. Update the cache by sending the erpcd on all security server
hosts a HUP signal with kill.
kill –HUP <pid_number>
4. Reset the security subsystem for all affected RA 6300s using
the na command reset annex security.
Book A