Figure 63 Viewing the Custom Key Attributes section
Table 43 Custo
m Key Attributions section components
Components Description
Attribute Name
Enter a unique attribute name.
NOTE:
Attribute names can contain alphanumeric characters, hyphens, underscores,
and periods. You cannot include whitespaces in the name. In addition, the fi rst
character of the name must be a letter. Maximum length is 255 characters.
Attribute Value
Enter the value of the attribute. This can contain any printable ASCII characters and
spaces, tab, \n, and \r. Maximum length is 4095 characters.
Edit Click Edit to alter the selected attribute.
Add Click Add to add an attribute.
Delete Click Delete
to remove the selected attribute.
Configuring the users and groups
A user directory contains a list of users that may access the keys on your KMS Server, and a list of groups
to which those users belong. The KMS Server can use one of two user directories:
• A local user directory, where users and groups are defined only on the local device and are not
available to any other SKM.
• A central server running the Lightweight Directory Access Protocol (LDAP), which enables all
devicestoaccessthesamesetofusersandgroups.IfyouhaveseveralSKMsinuse,LDAPcan
greatly simplify user and group administration.
The KMS Server can either use local user and group authentication or LDAP authentication; it cannot use
both at the same time. You can definewhichauthenticationmethodyourKMSServerusesontheKey
Management Services Configuration page in the section KMS Server Authentication Settings. See KMS
Server Authentication Settings for more details.
When you configure the KMS Server to use an LDAP user directory instead of the local user directory
(or vice versa), or if you change the LDAP server settings to point to a different user directory, existing
key permissions become invalid if the user and group names no longer exist in the new user directory.
However, if a user or group name appears in both the old and new directories, the new user or group
inherits the key permissions and database user mappings from the old user or group.
The User & Group Configuration page allows you to view, create, and modify the local user and group
directory on the KMS Server. This page contains the following sections:
•LocalUsers
• Selected Local User
•CustomAttributes
•LocalGroups
•LocalGroupProperties
•UserList
126
Using the Management Console
Comments to this Manuals