Table 86 Zeroization Behavior - HP StoreFabric SN6500B Administrator's Manual
Fabric os administrator's guide, 7.1.0 (53-1002745-02, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- Update manual (9 pages) ,
- Administrator's manual (108 pages) ,
- Quickspecs (24 pages)
Table of Contents
Advertisement
B
Zeroization functions
TABLE 86
Keys
FCSP Challenge
Handshake
Authentication Protocol
(CHAP) Secret
LDAP CA certificate
Passwords
RADIUS secret
RNG seed key
SFTP session keys
SSH RSA private key
SSH public keys
SSH session key
TLS authentication key
TLS pre-master secret
TLS private keys
TLS session key
616
Zeroization behavior (Continued)
Zeroization CLI
secAuthSecret –-remove
secCertUtil delete –
ldapcacert <certname>
passwdDefault
aaaConfig –-remove
No command required
No command required
sshUtil delprivkey
sshUtil delpubkeys
No command required
No command required
No command required
secCertUtil delkey -all
No command required
Description
The secAuthsecret -–create command is used to input
the keys, and the secAuthsecret -–remove command is
used to remove and zeroize the keys. All the
DHCHAP/FCAP authenticated ports are disabled after
zeroization.
The given LDAP certificate file is zeroized and deleted
from the module.
The passwdDefault command removes user-defined
accounts in addition to default passwords for the root,
admin, and user default accounts. However, only the
root account has permissions for this command. Users
with securityadmin and admin permissions must use
fipsCfg –-zeroize, which, in addition to removing user
accounts and resetting passwords, also performs the
complete zeroization of the system.
Notes:
•
In a dual CP system, executing passwdDefault
syncs with the standby. This means that when
passwdDefault is executed in the active CP, user-
defined accounts are removed from both the
active and standby CPs and only the default
accounts [root, factory, admin, and user] will be
retained. These accounts will have the generic
default passwords set.
•
To maintain FIPS 140-2 compliance, passwords
for the default accounts (admin and user) must be
changed after every zeroization operation.
The aaaConfig --remove command zeroizes the secret
and deletes a configured server. The aaaConfig --add
command configures the RADIUS server.
/dev/urandom is used as the initial source of seed for
RNG. The RNG seed key is zeroized on every random
number generation.
Automatically zeroized on session termination.
Key-based SSH authentication is not used for SSH
sessions.
Zeroizes the SSH public.
This key is generated for each SSH session that is
established with the host. It automatically zeroizes on
session termination.
Automatically zeroized on session termination.
Automatically zeroized on session termination.
The secCertUtil delkey -all command is used to zeroize
these keys. The secCertUtil genkey command creates
the keys. Only RSA keys of size 1024 or 2048 are
allowed.
Automatically zeroized on session termination.
Fabric OS Administrator's Guide
53-1002745-02
- Quick Links:
- Performing Basic Configuration Tasks
Hide quick links:
Advertisement
Table of Contents
