cacao man page on Solaris


cacao(5)		     Maintenance Commands		      cacao(5)

NAME
       cacao  -	 describes the security files associated with the common agent
       container

DESCRIPTION
       This man page describes the various security  files,  security  stores,
       certificate  files  and	certificate  stores associated with the common
       agent container.	 The  instancename  part  of  the  file	 specification
       locates	the  files related to a specific instance of the container. If
       you specify the default instancename (called default), then  the	 files
       are  associated with the default daemon instance. This default instance
       is created automatically and cannot be deleted.

FILES
       Security and certificate files and stores

	   /etc/cacao/instances/instance-name/security

       Secret password file

	   /etc/cacao/instances/instance-name/security/password

	   This secret password is used to protect some stores, keys and
	   certificates and to assert identity provided by well-known clients.

       Network Security Services (NSS) security files

	   /etc/cacao/instances/instance-name/security/nss

	   The directory for security files related to NSS.

       Local CA security files

	   /etc/cacao/instances/instance-name/security/nss/localca

	   This is the directory for security files related to the local
	   Certificate Authority (CA). The local CA, and therefore this
	   directory, only exists if NSS is available on the host. The local
	   CA is used to sign both agent and C/Java client certificates. It
	   is trusted by both the agent itself and C/Java clients.

       Local CA key store

	   /etc/cacao/instances/instance-name/security/nss/localca/key3.db

	   This is where local CA public and private keys (nickname: cacao_ca)
	   are held. This store is protected  by  the  secret  password.  Only
	   superuser  is  authorized  to  write to it and create new server or
	   client certificates validated by this CA and trusted by the agent.

       Local CA certificate store

	   /etc/cacao/instances/instance-name/security/nss/localca/cert8.db

	   This is where the local CA self-signed certificate (cacao_ca) is
	   stored. This store is protected by the secret password. Only
	   superuser is authorized to write to it.

       Local CA certificate file

	   /etc/cacao/instances/instance-name/security/nss/localca/localca.cert

	   A file containing the local CA self-signed certificate.

       Security files related to well-known C clients using NSS

	   /etc/cacao/instances/instance-name/security/nss/wellknown

	   This	 is  the  directory for security files related to well-known C
	   clients using NSS. This directory only exists if NSS	 is  available
	   on the host.

       Key store for well-known NSS clients

	   /etc/cacao/instances/instance-name/security/nss/wellknown/key3.db

	   This is the key store for the well-known clients' public and
	   private keys (cacao_wellknown). This store is protected by the
	   secret password so only superuser is authorized to run a
	   well-known client.

       Certificate store for well-known NSS clients

	   /etc/cacao/instances/instance-name/security/nss/wellknown/cert8.db

	   This store contains the local CA certificate (cacao_ca) so that
	   well-known clients trust the agent. It also contains the well-known
	   NSS client certificate (cacao_wellknown), signed by the local CA.
	   This store is protected by the secret password so only superuser is
	   authorized to run a well-known client.

       Certificate file of well-known NSS clients

	   /etc/cacao/instances/instance-name/security/nss/wellknown/wellknown.cert

	   A file containing the well-known NSS clients certificate.

       Security files related to unknown C clients using NSS

	   /etc/cacao/instances/instance-name/security/nss/unknown

	   This	 is  the  directory  for  security  files related to unknown C
	   clients using NSS. This directory only exists if NSS	 is  available
	   on the host.

       Key store for unknown NSS clients

	   /etc/cacao/instances/instance-name/security/nss/unknown/key3.db

	   This key store contains the key for unknown NSS clients. It
	   contains no key by default. This store is protected by a non-secret
	   password (unknownpass) so any user can run an unknown NSS client.

       Certificate store for unknown NSS clients

	   /etc/cacao/instances/instance-name/security/nss/unknown/cert8.db

	   This store contains the local CA certificate (cacao_ca) so that
	   unknown clients trust the agent. This store is protected by a
	   non-secret password (unknownpass) so any user can run an unknown
	   NSS client.

       Security files related to the common agent container's management
       daemon

	   /etc/cacao/instances/instance-name/security/jsse

	   This directory contains security files related to the common	 agent
	   container management daemon and its Java clients.

       Agent security store

	   /etc/cacao/instances/instance-name/security/jsse/keystore

	   This file contains the management daemon's public and private keys
	   (cacao_agent). In addition, it also contains the agent certificate
	   (cacao_agent), which is signed by the local CA if it exists, or is
	   self-signed if the local CA does not exist. This store is protected
	   by the secret password so only superuser is authorized to run the
	   agent and well-known Java clients. Only superuser is allowed to
	   modify the store itself. Agent keys are protected by the same
	   password.

       Trust store for the common agent container's management daemon and
       clients

	   /etc/cacao/instances/instance-name/security/jsse/truststore

	   This file contains the local CA certificate (cacao_ca) if NSS was
	   found. If NSS is not available, the file contains the self-signed
	   agent certificate (cacao_agent). The truststore is protected by
	   a non-secret password (trustpass) so that any Java client, unknown
	   or well-known, trusts the agent. Only superuser is authorized to
	   insert or remove trusted certificates due to file system
	   permissions. The certificate is protected by the same password.

       Agent certificate file

	   /etc/cacao/instances/instance-name/security/jsse/agent.cert

	   A file containing the agent certificate. The certificate is signed
	   by the local CA if NSS was found, or is self-signed if NSS is not
	   found.
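
The following script is an added example, not part of the original man page or of the common agent container itself. It audits the file modes of the password file and stores listed under FILES for one instance, assuming that the secret password file must be unreadable by group and other and that no store should be group- or other-writable; the function names and the sample tree are constructed for illustration, and ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the man page): audit the modes of the cacao
# security files listed under FILES for one container instance.

# check_file PATH SECRET: fail if PATH is writable by group/other;
# with SECRET=1 also fail if it is readable by group/other.
check_file() {
    [ -e "$1" ] || { echo "SKIP  $1 (absent, e.g. no NSS on host)"; return 0; }
    p=$(ls -ld "$1" | awk '{print $1}')      # e.g. -rw-r--r--
    case $p in
        ?????w*|????????w*) echo "FAIL  $1 $p group/other writable"; return 1 ;;
    esac
    if [ "$2" = 1 ]; then
        case $p in
            ????r*|???????r*) echo "FAIL  $1 $p secret is readable"; return 1 ;;
        esac
    fi
    echo "OK    $1 $p"
}

# audit_cacao ROOT INSTANCE: ROOT is /etc/cacao/instances on a real host.
audit_cacao() {
    sec="$1/$2/security"; failures=0
    # Assumption: the "secret password" must be unreadable by non-root users.
    check_file "$sec/password" 1 || failures=$((failures + 1))
    # Assumption: no store should be group/other writable, in line with the
    # "only superuser may write/modify" statements for the CA stores,
    # keystore and truststore.
    for f in nss/localca/key3.db nss/localca/cert8.db \
             nss/wellknown/key3.db nss/wellknown/cert8.db \
             nss/unknown/key3.db nss/unknown/cert8.db \
             jsse/keystore jsse/truststore; do
        check_file "$sec/$f" 0 || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample tree (no NSS stores); password left readable on purpose.
make_sample_tree() {
    mkdir -p "$1/default/security/jsse" &&
    : > "$1/default/security/password" &&
    : > "$1/default/security/jsse/keystore" &&
    : > "$1/default/security/jsse/truststore" &&
    chmod 644 "$1/default/security/password" "$1/default/security/jsse/truststore" &&
    chmod 600 "$1/default/security/jsse/keystore"
}

sample=$(mktemp -d) && make_sample_tree "$sample"
audit_cacao "$sample" default || echo "audit found problems"
```

On a real host, run `audit_cacao /etc/cacao/instances default` as superuser; stores reported as SKIP are expected when NSS is not available.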

ATTRIBUTES
       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWcacao			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Evolving			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       cacaoadm.1m, cacaourl.5

Oracle Solaris			   May 2010			      cacao(5)