Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-71-1330911.1
Update Date: 2016-10-05

Solution Type  Technical Instruction Sure

Solution  1330911.1 :   OKM - Can Not Meet Quorum Due To Lost User Passphrase  


Related Items
  • Oracle Key Manager
Related Categories
  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption




In this Document
Goal
Solution


Applies to:

Oracle Key Manager - Version 2.0.0 and later
Information in this document applies to any platform.

Goal

A customer is using OKM and has set up a Key Split Quorum of 3, but one person left the company and didn't pass on his passphrase.
A second passphrase is in doubt, but they may be able to guess it. The third passphrase is known.

The questions are:

Will repeated guessing of the passphrase cause any problem, e.g. the data getting locked?
What options are there if they cannot guess the second passphrase?

Solution


You can try to guess the passphrase as many times as you like; it will not lock the user account.

If you cannot meet the quorum threshold, there is nothing that Support can offer. You will not be able to add new KMAs if one goes bad.
Since you do not know the quorum, you also will not be able to restore the database.


Basically, you will have to start over: either copy all encrypted tapes over to drives with no encryption, or set up a new KMS cluster with encrypted drives and copy the data from the tapes to them.

To avoid this issue, we recommend a high key split size (number of users) with a low threshold, as far as the customer's security policy allows.
For example: a key split of 10 with a threshold of 3.

OKM Engineering has no secret password to reset the Quorum.
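
The trade-off behind the recommendation above can be worked through numerically. The following is an added example, not Oracle or OKM code: it models only the "threshold out of split size" rule, and the function names, the 3-of-3 and 2-of-3 comparison cases and the 10% per-credential loss rate are illustrative assumptions.

```python
from math import comb

def losses_tolerated(split_size: int, threshold: int) -> int:
    """Number of split credentials that can be lost with a quorum still reachable."""
    if not 1 <= threshold <= split_size:
        raise ValueError("threshold must be between 1 and split_size")
    return split_size - threshold

def lockout_probability(split_size: int, threshold: int, p_loss: float) -> float:
    """Probability that fewer than `threshold` credentials remain usable.

    Assumption: each credential is lost independently with probability p_loss.
    """
    if not 0.0 <= p_loss <= 1.0:
        raise ValueError("p_loss must be a probability")
    losses_tolerated(split_size, threshold)  # validates the configuration
    p_keep = 1.0 - p_loss
    # Sum the binomial probabilities of k = 0 .. threshold-1 surviving credentials.
    return sum(
        comb(split_size, k) * p_keep**k * p_loss ** (split_size - k)
        for k in range(threshold)
    )

def compare(configs, p_loss):
    """Return one summary row per (split_size, threshold) pair."""
    return [
        {
            "split_size": n,
            "threshold": m,
            "losses_tolerated": losses_tolerated(n, m),
            "collusion_needed": m,  # users who must cooperate to meet the quorum
            "p_lockout": lockout_probability(n, m, p_loss),
        }
        for n, m in configs
    ]

if __name__ == "__main__":
    # Constructed inputs: (3, 3) and (3, 2) are assumed comparison cases,
    # (10, 3) is the article's recommendation; p_loss = 0.10 is illustrative.
    for row in compare([(3, 3), (3, 2), (10, 3)], p_loss=0.10):
        print(f"{row['split_size']:>2} users, threshold {row['threshold']}: "
              f"tolerates {row['losses_tolerated']} losses, "
              f"P(lockout) = {row['p_lockout']:.2e}")
```

With the same threshold of 3, moving from 3 to 10 users keeps the number of people who must cooperate unchanged while raising the number of credentials that can be lost from 0 to 7.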


  Copyright © 2018 Oracle, Inc.  All rights reserved.