ADD-KEYTAB-ENTRY Add key table entry

Domain: SECURITY-ADMINISTRATION

Privileges: SECURITY-ADMINISTRATION

The security administrator (by default the user ID SYSPRIV) can use this command to create a new entry in the key table.

An entry consists of the name of the BS2000 system as entered in the KDC (Key Distribution Center) and multiple keys which are derived from the specified password and the computer name using cryptographic methods. The password itself is not stored.

ADD-KEYTAB-ENTRY

 ENTRY-IDENTIFICATION = *STD / <name 1..8>
,PRINCIPAL = <c-string 1..1800 with-low>
,PUBSET = *HOME / <cat-id 1..4>
,KEY = *NONE / *PASSWORD(...)
    *PASSWORD(...)
       |  PASSWORD = *SECRET-PROMPT(...) / <c-string 1..127 with-low>
       |     *SECRET-PROMPT(...)
       |        |  KEY-PASSWORD = *SECRET / <c-string 1..127 with-low>
       |        | ,CONFIRM-PASSWORD = *SECRET / <c-string 1..127 with-low>
       | ,KEY-VERSION = 0 / <integer 0..2147483647>
,KEY-OVERLAP-PERIOD = *UNLIMITED / *NO / <integer 0..32767>(...)
    <integer 0..32767>(...)
       |  DIMENSION = *MINUTES / *HOURS / *DAYS
,SYSTEM-DEFAULT = *NO / *YES


ENTRY-IDENTIFICATION = *STD / <name 1..8>
Identification of the entry, used to refer to it in the /MODIFY-, /REMOVE- or /SHOW-KEYTAB-ENTRY commands.

ENTRY-IDENTIFICATION = *STD
Creates a standard entry. This entry is provided for the $DIALOG application.

PRINCIPAL = <c-string 1..1800 with-low>
Kerberos name of the BS2000 system to which access is to be granted.

The name of an application’s principal normally comprises three components: application, instance and realm. The format of a typical Kerberos V5 principal name is:

Application/Instance@REALM

where

Application: ’host’ for the $DIALOG application, or the name of the application

Instance: the DNS name of the computer on which the application runs

REALM: the name of the Kerberos domain, by convention in upper case

PUBSET = *HOME / <cat-id 1..4>
Catalog ID of the pubset in whose user catalog the keys are entered. During operation the keys of the home pubset are definitive.

KEY =
Specifies whether keys are to be entered.

KEY = *NONE
No keys are entered at present.

KEY = *PASSWORD(...)
The keys are generated from a password.

PASSWORD =
Password of the BS2000 system.

PASSWORD = *SECRET-PROMPT(...)
The password is to remain hidden when entered.

KEY-PASSWORD =
Password of the BS2000 system as defined in the KDC.

KEY-PASSWORD = *SECRET
The password is requested in hidden mode.

KEY-PASSWORD = <c-string 1..127 with-low>
Specification of the password.

CONFIRM-PASSWORD = *SECRET / <c-string 1..127 with-low>
Repetition of the password entered in hidden mode.

CONFIRM-PASSWORD = *SECRET
The password is requested in hidden mode.

CONFIRM-PASSWORD = <c-string 1..127 with-low>
Repeated specification of the password.

PASSWORD = <c-string 1..127 with-low>
Password of the BS2000 system as defined in the KDC.

KEY-VERSION = 0 / <integer 0..2147483647>
Specification of the key version.

KEY-OVERLAP-PERIOD = *UNLIMITED / *NO / <integer 0..32767>(...)
Specifies how long keys remain valid after they have been replaced by a key of the same encryption type (ENCRYPTION-TYPE) with a higher key version (KEY-VERSION).

KEY-OVERLAP-PERIOD = *UNLIMITED
Obsolete keys remain valid for an unlimited period.

KEY-OVERLAP-PERIOD = *NO
Obsolete keys are deleted immediately.

KEY-OVERLAP-PERIOD = <integer 0..32767>(...)
Obsolete keys are deleted after the specified period has elapsed.
A key is obsolete if it and the key with the next highest version are both older than the time period specified.

DIMENSION = *MINUTES / *HOURS / *DAYS
Unit and accuracy of the time period specified.

SYSTEM-DEFAULT = *NO / *YES
Specifies whether this entry should be made the system default. If none of the named entries has been declared as the system default, the *STD entry automatically inherits this property. All applications which do not specify a particular entry for the ticket request and decryption use the system default.
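
The retention rule described under KEY-OVERLAP-PERIOD, modelled in Python as an added example (it is not part of the original manual and is not BS2000 code). Assumptions: each key is a constructed (encryption type, key version, creation time) tuple, "older than the period" is measured from the creation time, and the encryption-type labels and dates are made up for illustration.

```python
from datetime import datetime, timedelta

# DIMENSION values from the command syntax mapped to timedelta arguments.
UNITS = {"*MINUTES": "minutes", "*HOURS": "hours", "*DAYS": "days"}

def surviving_keys(keys, overlap, now, dimension=None):
    """Return the sorted (enctype, version) pairs still valid at `now`.

    keys:      list of (enctype, version, created) tuples (constructed model)
    overlap:   "*UNLIMITED", "*NO" or an integer 0..32767
    dimension: "*MINUTES", "*HOURS" or "*DAYS"; required for an integer overlap
    """
    if overlap == "*UNLIMITED":
        # Replaced keys are never deleted.
        return sorted((e, v) for e, v, _ in keys)
    if overlap != "*NO":
        period = timedelta(**{UNITS[dimension]: overlap})
    kept = []
    for enctype, version, created in keys:
        # Only keys of the SAME encryption type with a higher version count.
        higher = [(v, c) for e, v, c in keys if e == enctype and v > version]
        if not higher:
            kept.append((enctype, version))  # not replaced, so never obsolete
            continue
        if overlap == "*NO":
            continue  # replaced keys are deleted immediately
        _, successor_created = min(higher)  # key with the next highest version
        # Obsolete only if the key AND its successor are both older than the period.
        if not (now - created > period and now - successor_created > period):
            kept.append((enctype, version))
    return sorted(kept)

# Constructed sample: three versions of one type, one version of another.
T0 = datetime(2024, 1, 1)
SAMPLE_KEYS = [
    ("aes256", 1, T0),
    ("aes256", 2, T0 + timedelta(days=10)),
    ("aes256", 3, T0 + timedelta(days=18)),
    ("aes128", 1, T0),
]
NOW = T0 + timedelta(days=20)

if __name__ == "__main__":
    for setting, dim in (("*UNLIMITED", None), ("*NO", None), (7, "*DAYS")):
        print(setting, surviving_keys(SAMPLE_KEYS, setting, NOW, dim))
```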