HP HSR68xx Configure-to-Order Router Solution : R3303-HP HSR6800 Routers Security Configuration Guide : Page 7

v

Configuring password control ································································································································ 189

Overview ······································································································································································· 189

FIPS compliance ··························································································································································· 191

Password control configuration task list ····················································································································· 192

Enabling password control ········································································································································· 192

Setting global password control parameters ············································································································ 193

Setting user group password control parameters ····································································································· 194

Setting local user password control parameters ······································································································· 195

Setting super password control parameters ·············································································································· 195

Setting a local user password in interactive mode ··································································································· 196

Displaying and maintaining password control ········································································································· 196

Password control configuration example ·················································································································· 197

Configuring RSH ····················································································································································· 200

Configuration prerequisites ········································································································································· 200

Configuration procedure ············································································································································· 200

RSH configuration example ········································································································································ 200

Managing public keys ············································································································································ 203

FIPS compliance ··························································································································································· 203

Configuration task list ·················································································································································· 203

Exporting an RSA key pair ·········································································································································· 205

Importing an RSA key pair ·········································································································································· 205

Creating a local asymmetric key pair ························································································································ 206

Displaying or exporting the local host public key ···································································································· 206

Displaying and recording the host public key information ······················································································ 207

Displaying the host public key in a specific format and saving it to a file ···························································· 207

Exporting the host public key in a specific format to a file ····················································································· 207

Destroying a local asymmetric key pair ···················································································································· 208

Exporting an RSA key pair ·········································································································································· 208

Importing an RSA key pair ·········································································································································· 208

Specifying the peer public key on the local device ·································································································· 209

Displaying public keys ················································································································································· 210

Public key configuration examples ····························································································································· 210

Manually specifying the peer public key on the local device ········································································ 210

Importing a public key from a public key file ··································································································· 212

Exporting and importing an RSA key pair········································································································ 215

Configuring PKI ······················································································································································· 218

Overview ······································································································································································· 218

PKI terms ······························································································································································· 218

PKI architecture ···················································································································································· 219

PKI operation ······················································································································································· 220

PKI applications ··················································································································································· 220

FIPS compliance ··························································································································································· 220

PKI configuration task list ············································································································································ 220

Configuring a PKI entity ·············································································································································· 221

Configuring a PKI domain ··········································································································································· 222

Requesting a certificate ··············································································································································· 224

Configuring automatic certificate request ········································································································· 224

Manually requesting a certificate ······················································································································ 224

Obtaining certificates ·················································································································································· 225

Verifying PKI certificates ·············································································································································· 226

Verifying PKI certificates with CRL checking ····································································································· 226

Verifying PKI certificates without CRL checking································································································ 227

Destroying the local RSA key pair ······························································································································ 227