Configuring the users and groups, Local users – HP Secure Key Manager User Manual

Configuring the users and groups

A user directory contains a list of users that may access the keys on your KMS Server, and a list of
groups to which those users belong. The KMS Server can use one of two user directories:

A local user directory, where users and groups are defined only on the local device and are not
available to any other SKM.

A central server running the Lightweight Directory Access Protocol (LDAP), which enables all devices
to access the same set of users and groups. If you have several SKMs in use, LDAP can greatly
simplify user and group administration.

The KMS Server can either use local user and group authentication or LDAP authentication; it cannot
use both at the same time. You can define which authentication method your KMS Server uses on the
Key Management Services Configuration page in the section KMS Server Authentication Settings.
See KMS Server Authentication Settings for more details.

When you configure the KMS Server to use an LDAP user directory instead of the local user directory
(or vice versa), or if you change the LDAP server settings to point to a different user directory, existing
key permissions become invalid if the user and group names no longer exist in the new user directory.
However, if a user or group name appears in both the old and new directories, the new user or group
inherits the key permissions and database user mappings from the old user or group.
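
A pre-change check for the behavior described above, as an added example that is not from the HP manual: it classifies each key permission as inherited or invalid by looking up the user or group name in the new directory. The data structures, the sample names, and the exact case-sensitive name matching are assumptions; they do not represent an SKM export format.

```python
# Added example. Data shapes are assumptions, not an SKM export format.
from dataclasses import dataclass, field


@dataclass
class SwitchReport:
    inherited: dict = field(default_factory=dict)  # key -> grantees that keep access
    invalid: dict = field(default_factory=dict)    # key -> grantees whose permission is lost
    orphaned: list = field(default_factory=list)   # keys left with no valid grantee


def plan_directory_switch(key_permissions, new_users, new_groups):
    """Classify each key permission by whether its user or group name exists
    in the new directory (assumed: exact, case-sensitive name match)."""
    names = {"user": set(new_users), "group": set(new_groups)}
    report = SwitchReport()
    for key, grantees in sorted(key_permissions.items()):
        kept = [g for g in grantees if g[1] in names[g[0]]]
        lost = [g for g in grantees if g[1] not in names[g[0]]]
        if kept:
            report.inherited[key] = kept
        if lost:
            report.invalid[key] = lost
        if grantees and not kept:
            report.orphaned.append(key)
    return report


# Constructed sample data: permissions held under the old (local) directory
OLD_KEY_PERMISSIONS = {
    "db-card-key": [("user", "alice"), ("group", "dba")],
    "backup-key": [("user", "svc_backup")],
    "hr-key": [("group", "hr"), ("user", "bob")],
}
# Constructed sample data: names present in the new (LDAP) directory
LDAP_USERS = ["alice", "bob", "carol"]
LDAP_GROUPS = ["hr", "finance"]

if __name__ == "__main__":
    r = plan_directory_switch(OLD_KEY_PERMISSIONS, LDAP_USERS, LDAP_GROUPS)
    for key, lost in r.invalid.items():
        print(f"INVALID   {key}: {lost}")
    for key, kept in r.inherited.items():
        print(f"INHERITED {key}: {kept}  (confirm same identity in new directory)")
    print("No valid grantee after switch:", r.orphaned)
```

Names in the inherited list deserve a review before the switch, because inheritance is by name: whoever holds that name in the new directory receives the old key permissions and database user mappings.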

The User & Group Configuration page allows you to view, create, and modify the local user and
group directory on the KMS Server. This page contains the following sections:

Local Users
Selected Local User
Custom Attributes
Local Groups
Local Group Properties
User List

Local Users

Use the Local Users section to add or modify local users. Once a user has been created, you can
change the password but you cannot change the username.
