beautypg.com

Dell POWEREDGE M1000E User Manual

Page 616

background image

616

Fabric OS Administrator’s Guide

53-1002745-02

Zeroization functions

B

FCSP Challenge
Handshake
Authentication Protocol
(CHAP) Secret

secAuthSecret –-remove

The secAuthsecret -–create command is used to input
the keys, and the secAuthsecret -–remove command is
used to remove and zeroize the keys. All the
DHCHAP/FCAP authenticated ports are disabled after
zeroization.

LDAP CA certificate

secCertUtil delete –
ldapcacert

The given LDAP certificate file is zeroized and deleted
from the module.

Passwords

passwdDefault

The passwdDefault command removes user-defined
accounts in addition to default passwords for the root,
admin, and user default accounts. However, only the
root account has permissions for this command. Users
with securityadmin and admin permissions must use
fipsCfg –-zeroize, which, in addition to removing user
accounts and resetting passwords, also performs the
complete zeroization of the system.
Notes:

In a dual CP system, executing passwdDefault
syncs with the standby. This means that when
passwdDefault is executed in the active CP, user-
defined accounts are removed from both the
active and standby CPs and only the default
accounts [root, factory, admin, and user] will be
retained. These accounts will have the generic
default passwords set.

To maintain FIPS 140-2 compliance, passwords
for the default accounts (admin and user) must be
changed after every zeroization operation.

RADIUS secret

aaaConfig –-remove

The aaaConfig --remove command zeroizes the secret
and deletes a configured server. The aaaConfig --add
command configures the RADIUS server.

RNG seed key

No command required

/dev/urandom is used as the initial source of seed for
RNG. The RNG seed key is zeroized on every random
number generation.

SFTP session keys

No command required

Automatically zeroized on session termination.

SSH RSA private key

sshUtil delprivkey

Key-based SSH authentication is not used for SSH
sessions.

SSH public keys

sshUtil delpubkeys

Zeroizes the SSH public.

SSH session key

No command required

This key is generated for each SSH session that is
established with the host. It automatically zeroizes on
session termination.

TLS authentication key

No command required

Automatically zeroized on session termination.

TLS pre-master secret

No command required

Automatically zeroized on session termination.

TLS private keys

secCertUtil delkey -all

The secCertUtil delkey -all command is used to zeroize
these keys. The secCertUtil genkey command creates
the keys. Only RSA keys of size 1024 or 2048 are
allowed.

TLS session key

No command required

Automatically zeroized on session termination.

TABLE 86

Zeroization behavior (Continued)

Keys

Zeroization CLI

Description

See also other documents in the category Dell Computer Accessories: