Using sechkey remotely.

Document ID : KB000052430
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

How to use sechkey remotely without using root's password?

Solution:

sechkey oldkey newkey -r remoteserver.ca.com
eTrustAC sechkey v8.00a-1486.17 - internal key changer
Copyright (c) 2009 CA. All rights reserved.

Please enter your password: <owner of binary's password>

By default the owner of sechkey is root. However, if you change this to a "security user" you will be able to run sechkey remotely without the need for root's password. The purpose of this is to stop the use of a generic user. This "security user" will need to have the Access Control admin right. An example would be if you have a standard user, user123, login to a server and sesu to the "security user" to remotely change a key or the local key. The original user, user123, will be tracked so we know who changed the key.