unixadmin.free.fr just another IBM blog and technotes backup

10mai/15

Common EFS Errors and Solutions

Question

This document is a collection of errors encountered when using EFS and solutions to those issues.

Answer

1) Problem: Can't enable EFS on the system
# efsenable -a
/usr/lib/drivers/crypto/clickext: A file or directory in the path name does not exist.
Unable to load CLiC kernel extension. Please check your installation.

Solution:
Install CLiC filesets from AIX Expansion Pack CD

$ installp -l -d clic.rte
Fileset Name                Level                     I/U Q Content
====================================================================
clic.rte.includes           4.3.0.0                    I  N usr
#   CryptoLite for C Library Include File

clic.rte.kernext            4.3.0.0                    I  N usr,root
#   CryptoLite for C Kernel

clic.rte.lib                4.3.0.0                    I  N usr
#   CryptoLite for C Library

2) Problem: Can't enable EFS on the system

# efsenable -a
Unable to load CLiC kernel extension. Please check your installation.
(Please make sure latest version of clic.rte is installed.)

Double-check that you have installed the correct version of the CLIC filesets for your Technology Level of AIX.

For AIX 6100-01 use clic.rte.4.3.0.0.I on the Expansion Pack CD
For aix 6100-02 use clic.rte.4.5.0.0.I on the Expansion Pack CD

AIX 6100-03 has been updated to include clic.rte on the base media set to prevent boot issues on systems with EFS enabled. Use clic.rte.4.6.0.1.I

For AIX 6100-04 use clic.rte.4.7.0.0.I which is also included in the base OS media.

2) Problem: Can't view user's key:

$ efskeymgr -v
Problem initializing EFS framework.
Please check EFS is installed and enabled (see efsenable) on you system.
Error was: (EFS was not configured)

Solution:
Enable EFS on the system:
# efsenable -a
and give root's password when it asks for root's initial keystore.

3) Problem: Can't enable encryption inheritiance on a directory.
# efsmgr -E testdir
or
Can't enable encryption on a specific file
# efsmgr -e myfile

Problem initializing EFS framework.
Please check EFS is installed and enabled on you system.
Error was: (EFS was not configured)

Solution:
Make sure CLiC filesets are installed
Enable EFS on the system
Enable EFS and RBAC on the filesystem:

# chfs -a efs=yes /myfilesystem

4) Problem: Have enabled EFS on a filesystem but get error mounting:

# mount /efstest
The CLiC library (libclic.a) is not available. Install clic.rte and run 'efsenable -a'.

Solution:
Install CLiC filesets
Enable EFS on the system
Remount the filesystem

5) Problem: No encryption algorithms show up!
# efsenable -q
List of supported algorithms for keystores:
1
2
3

List of supported ciphers for files:
1
2
3
4
5
6

Solution:
Install CLiC filesets

# efsenable -q
List of supported algorithms for keystores:
1  RSA_1024
2  RSA_2048
3  RSA_4096

List of supported ciphers for files:
1  AES_128_CBC
2  AES_192_CBC
3  AES_256_CBC
4  AES_128_ECB
5  AES_192_ECB
6  AES_256_ECB

Source: IBM Technote

Remplis sous: AIX Laisser un commentaire
Commentaires () Trackbacks (0)

Aucun commentaire pour l'instant


Leave a comment

(required)

Aucun trackbacks pour l'instant