Feature #125

Prevent creation of encrypted volume using the default pin

Added by Alek P over 2 years ago.

Status:New Start:December 20, 2010
Priority:Low Due date:
Assigned to:- % Done:

0%
Category:- Spent time: -
Target version:-

Description

nmc@N310nightly-a:/$ create volume -e data                                      
You have asked to create an encryped volume, but either you have not set the pkcs11 token PIN or NMS doesn't have any
information about the PIN. Kindly set the pin using the NMC command 'setup crypto setpin' and retry

nmc@N310nightly-a:/$ setup crypto configuration location                        
Select default location for keystore : Default
Configuration is stored in Default location
Enter Pin :  xxxxxxxx                                                 (Input default PIN!!)
PIN Changed successfully

nmc@N310nightly-a:/$ create volume -e data                                      
Group of devices      : c1t1d0
Group redundancy type : pool

Create volume 'data'?  Yes
Enter Type            : auto
Enter Encryption      : aes-128
volume: data
 state: ONLINE
 scan: none requested
config:

        NAME           STATE     READ WRITE CKSUM
        data           ONLINE       0     0     0
          /dev/lofi/1  ONLINE       0     0     0

errors: No known data errors
NAME   SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
data  7.94G   122K  7.94G     0%  1.00x  ONLINE  -

At the moment it is possible to create an encrypted volume using the default pin. One way to avoid this is to have the plugin post install run the 'setup crypto setpin' command. This will force the user to create a new pin.

Also available in: Atom PDF