Filter
Top Products
616 Fabric OS Administrator’s Guide
53-1002745-02
Zeroization functions
B
FCSP Challenge
Handshake
Authentication Protocol
(CHAP) Secret
secAuthSecret –-remove The secAuthsecret -–create command is used to input
the keys, and the secAuthsecret -–remove command is
used to remove and zeroize the keys. All the
DHCHAP/FCAP authenticated ports are disabled after
zeroization.
LDAP CA certificate secCertUtil delete –
ldapcacert <certname>
The given LDAP certificate file is zeroized and deleted
from the module.
Passwords passwdDefault The passwdDefault command removes user-defined
accounts in addition to default passwords for the root,
admin, and user default accounts. However, only the
root account has permissions for this command. Users
with securityadmin and admin permissions must use
fipsCfg –-zeroize, which, in addition to removing user
accounts and resetting passwords, also performs the
complete zeroization of the system.
Notes:
• In a dual CP system, executing passwdDefault
syncs with the standby. This means that when
passwdDefault is executed in the active CP, user-
defined accounts are removed from both the
active and standby CPs and only the default
accounts [root, factory, admin, and user] will be
retained. These accounts will have the generic
default passwords set.
• To maintain FIPS 140-2 compliance, passwords
for the default accounts (admin and user) must be
changed after every zeroization operation.
RADIUS secret aaaConfig –-remove The aaaConfig --remove command zeroizes the secret
and deletes a configured server. The aaaConfig --add
command configures the RADIUS server.
RNG seed key No command required /dev/urandom is used as the initial source of seed for
RNG. The RNG seed key is zeroized on every random
number generation.
SFTP session keys No command required Automatically zeroized on session termination.
SSH RSA private key sshUtil delprivkey Key-based SSH authentication is not used for SSH
sessions.
SSH public keys sshUtil delpubkeys Zeroizes the SSH public.
SSH session key No command required This key is generated for each SSH session that is
established with the host. It automatically zeroizes on
session termination.
TLS authentication key No command required Automatically zeroized on session termination.
TLS pre-master secret No command required Automatically zeroized on session termination.
TLS private keys secCertUtil delkey -all The secCertUtil delkey -all command is used to zeroize
these keys. The secCertUtil genkey command creates
the keys. Only RSA keys of size 1024 or 2048 are
allowed.
TLS session key No command required Automatically zeroized on session termination.
TABLE 86 Zeroization behavior (Continued)
Keys Zeroization CLI Description