Environment variables
This appendix describes the environmental variables used by Security World Software.
When you are using these environment variables on Windows to configure nShield services such as the hardserver (nFast Server service), these must be set as System variables only; not as User Variables. Any service for which the environment variable changes are intended must be restarted for the change to take effect. |
Variable | Description | Win | Lnx |
---|---|---|---|
|
This variable allows you to specify the path to kernel headers (if, for example, they are not in the default directory). It is necessary for the configuration script to be able to find the kernel headers when building the PCI driver during software installation. |
n |
y |
|
This variable specifies the path to the dynamic feature enabling Feature Certificates directory.
You only need to change the value of this variable if you move the Installation directory.
See |
y |
y |
|
This variable enables debug logging for the hardserver and the PKCS #11 library.
You must set |
y |
y |
|
This variable redirects debug logging to syslog.
The value of the environment variable should be one of the syslog facilities to be used.
Prefixing the facility name with |
y |
Y |
|
This variable specifies the path to the Installation directory, which is set by the Security World Software installation script.
You only need to change the value of this variable if you move the Installation directory.
See |
y |
y |
|
This variable sets the location of the Key Management Data directory.
You only need to change the value of this variable if you move the Key Management Data directory.
See |
y |
y |
|
This variable specifies the location of the Key Management and Security World Data directory.
If this environment variable is not set, by default the module looks for the Security World data in the |
y |
y |
|
This variable specifies the location of the Log Files directory.
You only need to change the value of this variable if you move the Log Files directory.
See |
y |
y |
|
This variable specifies the location of log files that are specific to each user.
In Security World versions before 12.60.3, the default is the user’s home directory (Linux) or user profile folder (Windows).
From 12.60.3, the default is the subdirectory |
y |
y |
|
This variable sets the default values for a file in which |
y |
y |
|
This variable is the name of the |
y |
y |
|
This variable is the name of the |
y |
y |
|
This variable is the path of the SEE machine image to load on to any module for which a specific image is not defined.
Supplying the |
y |
y |
|
This variable is the path of the SEE machine image to load on to the specified module.
If set, this variable overrides the use of |
y |
y |
|
This variable is the default key hash of the vendor signing key ( |
y |
y |
|
This variable is the key hash of the vendor signing key ( |
y |
y |
|
If these variables are set in the hardserver’s environment, the values specify: On Linux, the pathnames of the UNIX domain sockets that the hardserver uses for ordinary/privileged client connections to the hardserver. On Windows, the names of the Windows named pipes for ordinary/privileged client connections to the hardserver. These variables are available for this purpose for backward compatibility only; you should configure sockets in the hardserver configuration file, see server_startup |
y |
y |
|
If these variables are set in the hardserver’s environment, the values specify the TCP port numbers that the nFast server uses for connections over TCP sockets. These variables are available for this purpose for backward compatibility only: you should configure ports in the hardserver configuration file, as described in server_startup. If you set these variables, they override the values in the hardserver configuration file. |
y |
y |
|
This variable is used to filter log messages by supplying a colon-separated list of allowable message categories; see Logging, debugging, and diagnostics. If no value is supplied, all message categories are logged. |
y |
y |
|
This variable is used to filter log messages by supplying a minimum severity level to be logged; see Logging, debugging, and diagnostics.
If no value is supplied, the default severity level is |
y |
y |
|
This variable is used to filter log messages by supplying a bitmask of detail flags; see Logging, debugging, and diagnostics.
The default is |
y |
y |
|
This variable is used to specify a filename (or file descriptor) in which log messages are to be written; see Logging, debugging, and diagnostics.
The default is |
y |
y |