

Authorizations

You must have PEF authorization in the AUTHORIZ CONFIG file, and must have access to the PENCRYPT EXEC on the deployed administration minidisk (usually the VMSECURE 176).

Description

The PENCRYPT utility processes all directory logon and minidisk passwords after it backs up the directory containing them. The directory is backed up in its current form, whether encrypted or plain text.

Use this utility to establish encryption during CA VM:Secure installation, or during conversion to PEF, when you begin using encrypted passwords. It can also be used to undo the effects of REVERSE encryption.

Important! Immediately after running this utility, you must restart your VM system and run a CP nucleus that you have properly configured for password encryption; otherwise, no one will be able to log on or otherwise use passwords. Prepare this final CP nucleus before running this utility so that you can immediately restart your VM system on the new nucleus.

Important information for DES3! You must generate an intermediate version of the CP nucleus component containing a DES3KEY definition before executing the PENCRYPT utility. You then generate a final CP nucleus to implement triple DES encryption. Therefore, you need to shut down and re-initialize your VM system and CA VM:Secure twice during the transition to triple DES encryption.

Before running this utility, you have to initialize CA VM:Secure with a CP nucleus containing the triple DES key. Use the DES3KEY record in the VMXRPI CONFIG file to create this nucleus. This allows you to specify the encryption key to be used to perform the triple DES encryption with the PENCRYPT utility.

After you use this utility, you need to initialize CA VM:Secure with a CP nucleus that has been configured to indicate triple DES encryption. Use the ENCRYPT DES3 record in the VMXRPI CONFIG file to create this nucleus.

Note: For more information about installing PEF, see the chapter "Password Encryption Facility" in the Rules Facility Guide.

Definitions

REVERSE

Use this operand to encrypt all logon and minidisk passwords using a proprietary, reversible encryption algorithm. Later, this encryption may be reversed by running this utility again, this time with the DECRYPT operand.

FORWARD

Use this operand to encrypt all logon and minidisk passwords using a proprietary, one-way encryption algorithm. Encryption using this operand CANNOT be reversed or decrypted, unlike passwords encrypted using the REVERSE algorithm. Forward encryption can be more secure than reverse encryption simply because it can never be decrypted.

DES3FWD

Use this operand to one-way encrypt all logon and minidisk passwords using a triple DES algorithm. This type of encryption is not reversible.

DECRYPT

Use this operand to decrypt all logon and minidisk passwords that were previously encrypted using the REVERSE operand.