Example config file for a large HA group

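This chrystoki.conf file and the 16 network HSMs (with slightly altered IP addresses) were used in our testing. Note that the listing below defines ServerName00 through ServerName17 and lists 18 entries in VirtualToken00Members. The file records a test environment: before reusing it, substitute your own server addresses, certificate and key file paths, and HA member entries, and review values such as ValidateHost = 0 and the RBS HostName = 0.0.0.0 against your own deployment requirements rather than copying them as-is.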

Chrystoki2 = {

  LibUNIX = /usr/safenet/lunaclient/lib/libCryptoki2.so;

  LibUNIX64 = /usr/safenet/lunaclient/lib/libCryptoki2_64.so;

}

Luna = {

  DefaultTimeOut = 500000;

  PEDTimeout1 = 100000;

  PEDTimeout2 = 200000;

  PEDTimeout3 = 20000;

  KeypairGenTimeOut = 2700000;

  CloningCommandTimeOut = 300000;

  CommandTimeOutPedSet = 720000;

}

  CardReader = {

  RemoteCommand = 1;

}

Misc = {

  PE1746Enabled = 0;

  ValidateHost = 0;

  ToolsDir = /usr/safenet/lunaclient/bin;

  PartitionPolicyTemplatePath = /usr/safenet/lunaclient/data/partition_policy_templates;

  ProtectedAuthenticationPathFlagStatus = 0;

  MutexFolder = /usr/safenet/lunaclient/lock;

  PluginModuleDir = /usr/safenet/lunaclient/plugins;

}

LunaSA Client = {

  ReceiveTimeout = 20000;

  SSLConfigFile = /usr/safenet/lunaclient/bin/openssl.cnf;

  ClientPrivKeyFile = /usr/safenet/lunaclient/cert/client/192.168.143.48Key.pem;

  ClientCertFile = /usr/safenet/lunaclient/cert/client/192.168.143.48.pem;

  ServerCAFile = /usr/safenet/lunaclient/cert/server/CAFile.pem;

  NetClient = 1;

  TCPKeepAlive = 1;

  ServerName00 = 192.121.10.63;

  ServerPort00 = 1792;

  ServerHtl00 = 0;

  ServerName01 = 192.121.10.53;

  ServerPort01 = 1792;

  ServerHtl01 = 0;

  ServerName02 = 192.121.10.62;

  ServerPort02 = 1792;

  ServerHtl02 = 0;

  ServerName03 = 192.121.10.59;

  ServerPort03 = 1792;

  ServerHtl03 = 0;

  ServerName04 = 192.121.10.52;

  ServerPort04 = 1792;

  ServerHtl04 = 0;

  ServerName05 = 192.121.10.64;

  ServerPort05 = 1792;

  ServerHtl05 = 0;

  ServerName06 = 192.121.10.50;

  ServerPort06 = 1792;

  ServerHtl06 = 0;

  ServerName07 = 192.121.10.51;

  ServerPort07 = 1792;

  ServerHtl07 = 0;

  ServerName08 = 192.121.10.65;

  ServerPort08 = 1792;

  ServerHtl08 = 0;

  ServerName09 = 192.121.10.58;

  ServerPort09 = 1792;

  ServerHtl09 = 0;

  ServerName10 = 192.121.10.60;

  ServerPort10 = 1792;

  ServerHtl10 = 0;

  ServerName11 = 192.121.10.56;

  ServerPort11 = 1792;

  ServerHtl11 = 0;

  ServerName12 = 192.121.10.57;

  ServerPort12 = 1792;

  ServerHtl12 = 0;

  ServerName13 = 192.121.10.55;

  ServerPort13 = 1792;

  ServerHtl13 = 0;

  ServerName14 = 192.121.10.54;

  ServerPort14 = 1792;

  ServerHtl14 = 0;

  ServerName15 = 192.121.10.61;

  ServerPort15 = 1792;

  ServerHtl15 = 0;

  ServerName16 = 192.168.141.93;

  ServerPort16 = 1792;

  ServerHtl16 = 0;

  ServerName17 = 192.168.141.198;

  ServerPort17 = 1792;

  ServerHtl17 = 0;

}

Secure Trusted Channel = {

  SoftTokenDir = /usr/safenet/lunaclient/configData/token;

  ClientIdentitiesDir = /usr/safenet/lunaclient/data/client_identities;

  PartitionIdentitiesDir = /usr/safenet/lunaclient/data/partition_identities;

  ClientTokenLib = /usr/safenet/lunaclient/lib/libSoftToken.so;

}

PedServer = {

  ServerCAFile = /usr/safenet/lunaclient/PEDserver/CAFile.pem;

  PedConfigFile = /etc/pedServer.conf;

}

VirtualToken = {

  VirtualToken00Label=My_HA;

  VirtualToken00SN = 11287408863039;

  VirtualToken00Members = 1287408863039,1327020333026,1335064630247,1335062301941,1377509648637,1327024989629,1378778575411,1378780903715,1305890956067,1305921224049,1372948497173,1459759386384,1238656463696,1485871338177,1358801709921,1259264300111,1382217483700,1335066958603;

}

HASynchronize = {

}

  HAConfiguration = {

  haLogStatus = enabled;

  reconnAtt = -1;

  haLogPath = /usr/safenet/lunaclient/;

}

  CkLog2 = {

  Enabled = ;

  NewFormat = ;

  File = ;

  FileSize = ;

  Error = ;

  LibUNIX = ;

  LibUNIX64 = ;

}

  Ped Server = {

  PedConfigFile = /etc/pedServer.conf;

}

RBS = {

  CmdProcessor = /usr/safenet/lunaclient/rbs/lib/librbs_processor2.so;

  DaemonName = RBSD;

  HostPort = 1792;

  ClientAuthFile = /usr/safenet/lunaclient/rbs/clientauth.dat;

  ServerSSLConfigFile = /usr/safenet/lunaclient/rbs/server/server.cnf;

  ServerPrivKeyFile = /usr/safenet/lunaclient/rbs/server/serverkey.pem;

  ServerCertFile = /usr/safenet/lunaclient/rbs/server/server.pem;

  NetServer = 1;

  HostName = 0.0.0.0;

}