Previous Topic: How to Restrict CAFT CommandsNext Topic: policy_setting Options

Connector GuidesConnectors GuideConnecting to EndpointsUNIX ETC and NIS ConnectorInstall the CAM and CAFT Encryption Key

Install the CAM and CAFT Encryption Key

Encryption is supported for Win32, AIX, HP-UX, Solaris, and Linux x86 applications. The default and only available encryption algorithm is Triple-DES (168 bits key) with CBC mode.

To install the encryption key

  1. Enter the following command at the command prompt to generate your key file: 
    #PATH=`cat /etc/catngcampath`/bin:$PATH

    	#export PATH
#caftkey -g keyfile password
    keyfile

    Name that you assign to the key file.

    password

    Password that you assign to the key file.

    Note: The caftkey command and attributes are the same for Win32 platforms.

  2. Install your Public Key on both CAFT Agent and CAFT Admin boxes using the previously-generated key file by entering the following command at the command prompt: 
    #PATH=`cat /etc/catngcampath`/bin:$PATH
	#export PATH
#caftkey -policy_setting keyfile password
    keyfile and password

    The values that you specified in Step 1.

    -policy_setting

    Governs the communication between this computer (the local computer) and other computers that have the CAM and CAFT service installed, but may or may not have the CAM and CAFT encryption certificates installed.

    -i

    Specifies Policy -1. This policy lets computers running previous versions of the CAM and CAFT service execute commands on this computer and lets this computer execute commands on those computers.

    Policy -1 encrypts messages if the other computer has these certificates installed. This policy does not encrypt messages if the other computer does not have these certificates installed.

    -m

    Specifies Policy 1. This policy prohibits other computers from executing commands on this computer if they are running previous versions of the CAM and CAFT service without the encryption certificates. This policy also prohibits this computer from executing commands on those computers.

    If both computers have the CAM and CAFT encryption certificates installed, but have different Public Key Files installed when Policy 1 is set, the command requests between the two computers fails.

    blank

    Specifies Policy 0. This policy is set if no Public Key File is installed, the CAM and CAFT encryption certificates were not installed properly, or if you do not specify a policy setting when you enter the caftkey command. Policy 0 specifies no encryption.

    Note: The CAM and CAFT service must already be installed on the computer in your network.

  3. Restart the CAM Service on each computer on which you installed the new key, using hte following commands: 
    camclose

    cam start