Securing NICI keys using eDirectory Server

over 10 years ago

Author: Ankit Gupta

Introduction



Novell International Cryptographic Infrastructure (NICI) keys are used by many modules for security purposes. NICI keys (OS-specific and user-specific) are stored in the file system. It is recommended to back up the NICI keys, because they are needed to decode other modules' security keys.

This paper discusses the tools and steps for backing up and restoring NICI keys.


Benefits of backing up NICI keys




  • Used in migrating from NetWare to Linux

  • Used for encoding and decoding other modules' secret keys.



Tool Availability




  • eDirectory 8.8 SP5 or later



Tools for backing up NICI keys




  • eDirectory Management Tool Box (eMBox)

  • eDirectory Backup script (DSBK)

  • iManager



Steps for backing up NICI keys on Linux



Back up the NICI keys using any of the following:

  1. eMBox

    • edirutil -i

    • login -s IP_Server -u USER_FDN -w USER_PASSWORD -p 8028 -n

    • backup -f backup_file -l log_file -e nici_passwd

  2. eDirectory backup script (DSBK)

    • dsbk backup -f backup_file -l log_file -e nici_passwd

  3. iManager (browser-based)

    • Click eDirectory Maintenance --> Backup.

    • Provide the server details and press Next.

    • Give the credentials and press Next.

    • On the next page (the third page), a NICI check box is present for eDirectory 8.8.5 or above. Select the check box and enter the NICI password in the text box below it (the text box is disabled by default and is enabled only when the NICI check box is selected).

    • Click Next and complete the backup.



Steps for restoring NICI keys on Linux



Restore the NICI keys using any of the following:

  1. eMBox

    • edirutil -i

    • login -s IP_Server -u USER_FDN -w USER_PASSWORD -p 8028 -n

    • restore -f backup_file -l log_file -e nici_passwd

  2. eDirectory backup script (DSBK)

    • dsbk restore -f backup_file -l log_file -e nici_passwd

  3. iManager

    • Click eDirectory Maintenance --> Restore.

    • Provide the server details and press Next.

    • On the next page (the second page), a NICI check box is present for eDirectory 8.8.5 or above. Select the check box and enter the NICI password in the text box below it (the text box is disabled by default and is enabled only when the NICI check box is selected).

    • Click Next and complete the restore.



Important to note:



  • When restoring the eDirectory DIB and the NICI keys together, restore the NICI keys alone first, restart the ndsd server, and then restore the eDirectory DIB.

  • The NICI key encryption password can be provided in the following ways:

    1. Clear text with the pass keyword ( -e pass:password)

    2. Inside a file ( -e file_name_with_path)

    3. Clear text ( -e password)

  • The NICI keys are encrypted and stored in the given backup file. NICI keys can be backed up along with a full DIB backup as well as with an incremental backup.

  • At restore time, the user has to provide, with the -e option, the same NICI password that was given at the time of backup.
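
An added example, not part of the original article: a shell helper for the file-based form of -e listed above, so the NICI password is not typed as a command-line argument, where it would be recorded in shell history and visible in the process list. It covers both backup and restore, since the same password is needed for each. The function names and paths are hypothetical, and it is an assumption that dsbk takes the password as the file's content without a trailing newline.

```shell
#!/bin/sh
# Added example (hypothetical helper names); dsbk itself is only printed, not run.

# make_nici_pwfile DIR: read the NICI password from stdin and store it in a new
# owner-only file under DIR. Prints the file's path.
make_nici_pwfile() {
    pwfile=$(mktemp "$1/nici_pw.XXXXXX") || return 1   # mktemp creates mode 0600
    IFS= read -r pw || [ -n "$pw" ] || { rm -f "$pwfile"; return 1; }
    # Assumption: dsbk takes the file content, without a trailing newline.
    printf '%s' "$pw" > "$pwfile"
    unset pw
    printf '%s\n' "$pwfile"
}

# check_pwfile FILE: succeed only for a regular, non-symlink file with mode 600.
check_pwfile() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    perm=$(ls -ld "$1" | cut -c1-10)
    [ "$perm" = "-rw-------" ]
}

# nici_dsbk_cmd OP BACKUP_FILE LOG_FILE PWFILE: print the dsbk command from the
# article using the "-e file_name_with_path" form. OP is backup or restore; the
# same password file content must be used for both.
nici_dsbk_cmd() {
    case $1 in
        backup|restore) ;;
        *) echo "usage: nici_dsbk_cmd backup|restore BACKUP LOG PWFILE" >&2; return 1 ;;
    esac
    check_pwfile "$4" || { echo "refusing: $4 must be a regular file, mode 600" >&2; return 1; }
    printf 'dsbk %s -f %s -l %s -e %s\n' "$1" "$2" "$3" "$4"
}

# Typical use (paths are placeholders):
#   stty -echo; pf=$(make_nici_pwfile /root); stty echo
#   nici_dsbk_cmd backup /var/backup/edir.bak /var/backup/edir.log "$pf"
```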

