The MAKECF utility
creates SOAPam credentials files.Refer to Using Credential Files for more information about credentials files.
This section describes how to use the MAKECF utility.
tacl> run MAKECF <output-file-name> [!] [ -targetfilename <target-file-name> ] [credentials-input-string | +<credentials-input-file>]
tacl> run MAKECF <file-name> -verify
The name of the credentials file to be created. Use the "!" character to specify that the file should be overwritten if it already exists.
By default, MAKECF creates credentials files that are only valid in the location specified by <file-name>. However, there are cases when it is useful to create a credentials file in one location and then move it to another location, such as when creating the credentials file on a development system for deployment on a production system. When the -targetfilename argument is used, the credentials file will be created such that it will be valid when copied to the target file name. See the remarks for more information on credentials file locations.
The credentials string to be encrypted and stored; either a userid:password or pass phrase.
The name of an input file containing the credentials string to be encrypted and stored; either a userid:password or pass phrase.
If both <credentials-input-string> and <credentials-input-file> are omitted, you will be prompted for the information.
If you do not pass the credentials string on the command line, MAKECF will prompt for the information. The advantage to this usage is that your credentials are not echoed to the screen as you type, preventing any onlookers from reading your private security information.
The credentials file is location dependent, i.e., if the file is moved or renamed, the credentials cannot be decrypted. This feature is designed to disable the credentials in case the file is stolen or otherwise used inappropriately. Even though credentials become invalid when moved, system administrators should still use Guardian security to prevent unauthorized access to the contents of the file.
If you want to verify that a credentials file is a valid credentials file and also that the credentials file is in the subvolume that the credentials file expects to be in, use the -verify option.
> run MAKECF ! mylogin userid:password
> run MAKECF ! mylogin +clrtext
> run MAKECF certpass
Enter the credentials string:
Re-enter the credentials string:
This command creates a credentials file "cfile" that won't be valid until it has been moved to \sys2.$data.mysubvol.cfile2
tacl> run MAKECF cfile myuser:mypass -targetfilename \sys2.$data.mysubvol.cfile2
This command inspects the credentials file "cfile" to check the integrity of the credentials and also that "cfile" is located in the correct subvolume
tacl> run MAKECF cfile -verify