HP 1606 Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 562
Power-up self tests, Conditional tests, Zeroization behavior Continued
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 562 highlights
D Zeroization functions TABLE 102 Zeroization behavior (Continued) Keys Zeroization CLI FCSP Challenge Handshake Authentication Protocol (CHAP) Secret Passwords secAuthSecret --remove value | --all passwdDefault fipscfg --zeroize RADIUS secret RNG seed key aaaConfig --remove No CLI required SSH RSA private key SSH RSA public key SSH session key sshutil delprivkey sshutil delpubkeys No CLI required Third-party keys TLS authentication key TLS pre-master secret TLS private keys secCertUtil delete -fcapall No CLI required No CLI required secCertUtil delkey -all TLS session key No CLI required Description The secAuthSecret --remove value is used to remove the specified keys from the database. When the secAuthSecret command is used with --remove --all option then the entire key database is deleted. This will remove user-defined accounts in addition to default passwords for the root, admin, and user default accounts. However only root has permissions for this command. So securityadmin and admin roles need to use fipsCfg --zeroize, which in addition to removing user accounts and resetting passwords, also does the complete zerioization of the system. The aaaConfig --remove zeroizes the secret and deletes a configured server. /dev/urandom is used as the initial source of seed for RNG. RNG seed key is zeroized on every random number generation. Key-based SSH authentication is not used for SSH sessions. Key-based SSH authentication is not used for SSH sessions. This is generated for each SSH session that is established to and from the host. It automatically zeroizes on session termination. Used to zeroize third-party keys. Automatically zeroized on session termination. Automatically zeroized on session termination. The command secCertUtil delkey -allis used to zeroize these keys. Automatically zeroized on session termination. Power-up self tests The power-up self tests (POST) are invoked by powering on the switch in FIPS mode and do not require any operator intervention. These power-up self tests perform power-on self-tests. If any KATs fail, the switch goes into a FIPS Error state which reboots the system to start the tests again. If the switch continues to fail the FIPS POSTs, you will need to boot into single-user mode and perform a recovery procedure to reset the switch. For more information on this procedure, refer to the Fabric OS Troubleshooting and Diagnostics Guide. Conditional tests These tests are for the random number generators and are executed to verify the randomness of the random number generator. The conditional tests are executed each time prior to using the random number provided by the random number generator. 522 Fabric OS Administrator's Guide 53-1001763-01