When you initialize a TKE workstation crypto adapter for use with
passphrase profiles, the following IBM-supplied roles and profiles
will be created:
- IBM-supplied roles:
- DEFAULT
- Intended for use during the migration process or initial setup
of the roles and smart card profiles on the TKE.
- TKEADM
- Intended for use with IBM-supplied and customer-defined passphrase
profiles. The role is designed to provide the authority to manage
the TKE.
- TKEUSER
- Intended for use with IBM-supplied and customer-defined passphrase
profiles. The role is designed to provide the authority to manage
host crypto modules.
- KEYMAN1
- Intended for use with the IBM-supplied passphrase profile KEYMAN1.
The role is designed to provide users authority to clear the TKE
crypto adapter new master key register and load first master key parts.
- KEYMAN2
- Intended for use with the IBM-supplied passphrase profile KEYMAN2.
The role is designed to provide users authority to load any middle
and last master key parts to the TKE crypto adapter new master key
register, set the master key and reencipher key storage.
- IBM-supplied profiles:
- TKEADM
- Intended for a person with the responsibility of initially setting
up a TKE, completing migration tasks, or managing the TKE.
- TKEUSER
- Intended for a person with the responsibility of managing host
crypto modules.
- KEYMAN1
- Intended for a person with the responsibility to clear the TKE
crypto adapter new master key register and load first master key parts.
- KEYMAN2
- Intended for a person with the responsibility to load any middle
and last master key parts to the TKE crypto adapter new master key
register, set the master key and reencipher key storage.