Kms server authentication settings – HP Secure Key Manager User Manual
Page 187
Description
Component
The Connection Timeout value specifies in seconds how long client connections can
remain idle before the KMS Server begins closing them. The default value is 60; the
maximum value is 7200 (2 hours). Specifying a value of 0 means that the KMS Server
will not close client connections due to inactivity.
Connection Timeout
(sec)
When this feature is enabled, the KMS Server allows the following actions:
•
key creation and deletion.
•
key import.
•
users with User Administration Permission can create, delete, and modify users and
groups (available only through the XML interface.)
When this feature is disabled, only authentication, cryptographic, and random number
generation requests are available. By default, this feature is disabled.
When using the multiple credentials feature, enabling this option allows users (and
unauthenticated sessions) to perform the actions listed without being subjected to the
multiple credentials rule.
IMPORTANT:
This feature may pose a security loophole. You might allow this access for
automated scripts, or you might disallow it to tighten security.
IMPORTANT:
Enabling this feature on a FIPS-compliant device will take the device out of FIPS
compliance - possibly in a manner that does not comply with FIPS standards.
For information on disabling FIPS compliance, see
Allow Key and Policy
Configuration Opera-
tions
When this feature is enabled, the KMS Server allows key export.
IMPORTANT:
Enabling this feature on a FIPS-compliant device will take the device out of FIPS
compliance - possibly in a manner that does not comply with FIPS standards.
For information on disabling FIPS compliance, see
Allow Key Export
Click Edit to modify the KMS Server settings.
Edit
KMS Server Authentication Settings
The KMS Server Authentication Settings section, shown here, allows you to specify whether and how
clients authenticate to the KMS Server.
Secure Key Manager
187