canmove, Confirmed users
937
edits
Rolesandservices: Difference between revisions
→Initialization of Authentication Mechanism
| Line 29: | Line 29: | ||
=== Initialization of Authentication Mechanism === | === Initialization of Authentication Mechanism === | ||
The operator (implicitly) assumes the Crypto Officer role when installing the NSS library files. | The operator (implicitly) assumes the Crypto Officer role when installing the NSS cryptographic module library files. The NSS cryptographic module is initialized automatically when <code>FC_Initialize</code> is called for the first time. The Crypto Officer calls the function <code>FC_InitPIN</code> to set the NSS User's initial password. From then on, the operator only assumes the NSS User role. | ||
<div class=note>It is not necessary to call <code>FC_InitToken</code> to initialize the NSS cryptographic module. The Crypto Officer may call <code>FC_InitToken</code> to re-initialize the NSS cryptographic module.</div> | |||
Since the NSS cryptographic module does not use a factory-set or default password to authenticate the operator for the first time the module is accessed, login to the general purpose computer is used to control access to the module before it is initialized. If the general purpose computer is not protected with a system login password, procedural controls or physical access control must be used to control access to the computer before the module is initialized. | Since the NSS cryptographic module does not use a factory-set or default password to authenticate the operator for the first time the module is accessed, login to the general purpose computer is used to control access to the module before it is initialized. If the general purpose computer is not protected with a system login password, procedural controls or physical access control must be used to control access to the computer before the module is initialized. | ||