
Passkey utility reference


To facilitate sharing information among servers, a passkey utility is used to export the password key into a portable format that can then be copied to another machine and imported. This portable file is encrypted during the export and secured with a password; the portable file is imported into another system by using the same password.

The passkey utility is in the /usr/mvf/bin directory on Solaris and the C:\mvf\bin directory on Windows. The command can be used in various modes, specified by the -M option. The -p and -r options allow you to specify non-default file names for the system password file and portable password file.

The command syntax is as follows:

passkey -M mode, arguments [-p file_name] [-r file_name]

where:

Each -M mode is listed with its arguments, followed by a description of the mode.

CHECKKEY

  • -k user_key: specifies the user key to check

  This mode validates the user key against a portable password file.

CREATE

  • -u username: specifies which user to associate with the new password in the password file

  This mode creates random, machine-specific passwords for users.

  Specify the user name for whom the password will be created, and optionally specify the name of the file to store the password in with the -p option.

DEC

  • -S source_string: string to decrypt

  • -k user_key: key to use to decrypt machine

  This mode is used for base64 decoding and decrypting a string.

  The encryption/decryption mechanism uses a system-specific key, meaning that the string cannot be decrypted on another machine. It can be decrypted only on the system where it was originally encrypted.

ENC

  • -S source_string: string to encrypt

  • -k user_key: key to use to encrypt machine

  This mode is used for base64 encoding and encrypting a string.

  The base64 encoding ensures the encrypted string is in ASCII format so that it can be stored in a text format.

  The encryption/decryption mechanism uses a system-specific key, meaning that the string cannot be decrypted on another machine. It can be decrypted only on the system where it was originally encrypted.

EXPORT

  • -k user_key: specifies the key to use when creating the portable password file

  This mode decodes the password file using the machine-specific key, and re-encodes it into a portable password file using the specified password (user key). This portable password file can then be copied to a new system and imported (see IMPORT) using the same specified user key.

IMPORT

  • -k user_key: specifies the key used to create the portable password file

  This mode decodes the portable password file using the user key, and re-encodes it into a password file with a machine-specific key. Creates an encrypted password file.

QUERY

  • -u username: specifies which user to query for

  This mode queries for a password associated with a given user name. The passkey utility writes the password to stdout (standard output). Typically, this function determines what password to set up for an account on a NAS server, which will allow the IMPAX components to connect.

SET

  • -u username: specifies user to associate the password with

  • -P password: specifies password to associate with user

  This mode sets the password for a given user to the password specified. This is used in cases where a random password is not suitable.

VALIDATE

  • -u username: username to use in strong password validation

  • -P password: validates password against strong password encryption rules (used by Solaris installer)

  This mode can be used to test a specific password against strong password rules. A strong password must:

    • Be at least eight characters long

    • Not contain three or more characters from the user’s account name

    • Contain characters from at least three of the following five categories:

      • Uppercase (A to Z)

      • Lowercase (a to z)

      • Digits (0 to 9)

      • Non-alphanumeric (for example, !, $, #, or %); avoid commas

      • Unicode

Optional file name arguments

  • -p file_name: optionally specifies a system password file name other than the default C:\mvf\mvf.psd (AS300) or usr/mvf/mvf.psd (AS3000)

  • -r file_name: optionally specifies a portable password file name other than the default C:\mvf\mvf.portable.psd (AS300) or usr/mvf/mvf.portable.psd (AS3000)
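The strong password rules listed under VALIDATE can be pre-checked before a password is handed to SET mode. The following Python is an added example, not the passkey utility's own code; it assumes that "three or more characters from the user's account name" means a contiguous run of three characters compared case-insensitively, and that the "Unicode" category means any non-ASCII character.

```python
"""Added example: pre-check of the VALIDATE-mode strong password rules.
Not the passkey utility's code; interpretations are marked as assumptions."""


def char_categories(password):
    """Return the set of the five listed character categories that appear."""
    found = set()
    for ch in password:
        if ord(ch) > 127:
            found.add("unicode")          # assumption: any non-ASCII character
        elif ch.isupper():
            found.add("uppercase")        # A to Z
        elif ch.islower():
            found.add("lowercase")        # a to z
        elif ch.isdigit():
            found.add("digit")            # 0 to 9
        elif ch.isprintable():
            found.add("non-alphanumeric") # for example ! $ # %
    return found


def shares_name_fragment(username, password, run=3):
    """Assumption: the account-name rule means a contiguous run of `run`
    characters from the name, compared case-insensitively."""
    name, pw = username.casefold(), password.casefold()
    return any(name[i:i + run] in pw for i in range(len(name) - run + 1))


def validate(username, password):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if shares_name_fragment(username, password):
        problems.append("contains three or more characters from the account name")
    if len(char_categories(password)) < 3:
        problems.append("fewer than three character categories")
    if "," in password:
        problems.append("contains a comma (the page says to avoid commas)")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real accounts or credentials.
    samples = [("impaxsvc", "Impax2024!"), ("archive", "Tr4il-Mix#9"),
               ("dbadmin", "longlowercase"), ("nas", "passwörd12")]
    for user, pw in samples:
        print(user, pw, validate(user, pw) or "OK")
```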

CAUTION!

The mvf.portable.psd file contains sensitive information. To maintain the security of the system, the portable password file should be deleted from both the Database Server and the target server locations after all new Network Gateway, Archive Server, Application Server, and Curator components are installed.




Topic number: 6937

Applies to: IMPAX 6.5.1 Server Knowledge Base