This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
Materials in the [{$pagename}] don't depend on the contents of eDirectory files. On the contrary, [encrypted data in eDirectory|NICITreeKeyProvider] depends on keys stored in [{$pagename}].
User private keys, certificates, secret store data, and NMAS store data will not be available if [{$pagename}] are not properly maintained. Be certain the [NICI Backup Procedures] are in place.
!! [NICI] Configuration Files
[NICI] configuration files are located in the platform-specific [NICI File Locations]. The [{$pagename}] listed below are present on all platforms. Platform-specific files and other configuration details are explained in the [NICI Administration Guide|http://www.novell.com/documentation/nici27x/index.html].
* nici.cfg - holds the configuration settings for [NICI].
* nicisdi.key - The actual [SDI Key] [Private Key].
* NICIFK - NICI license material for [NICI server-mode operation].
* Xmgrcfg.nif - NICI per-box unique keying material generated locally. Applies to [NICI client-mode operation] and is not used if NICIFK is present. (Created on first use of [NICI] by a privileged user.)
* Xarchive.000 - [NICI] master archive. Created on first use of [NICI] by a privileged user.
%%warning
[{$pagename}] are [Digitally Signed] and are partially [Encrypted]. An invalid license file (NICIFK) or a client license file (xmgrcfg.wks) renders [NICI] nonfunctional.
%%
The file xmgrcfg.wks was used by previous versions of NICI in client mode. It is no longer used or created with NICI v2.7.0 or later.
[NICI] v2.7.0 or later operates in [NICI server-mode operation] by default. The xmgrcfg.wks file is present if you are upgrading from a previous version of [NICI]. It doesn't affect the operation of [NICI] v2.7.0 or later.
!! Multiple Instances
We strongly recommend running each instance of eDirectory on the same host with different [UserIds] to separate their [cryptographic] materials using the host system's security mechanisms.
Otherwise, the server-based [Security Domain Infrastructure] private key will be the same for all instances.
!! [Example] Files
The nici.cfg file holds the configuration settings for [NICI].
Running "cat /<nici config file location>nici.cfg" will provide the locations for the files. Typical output is shown below:
{{{
# cat /etc/opt/novell/nici.cfg
ConfigDirectory:s:20:/var/opt/novell/nici
SharedLibrary:s:9:/opt/novell/lib/libccs2.so
DAC:b:20:a4:6f:1d:c2:29:c5:fc:a8:50:7f:fd:0c:d6:19:a6:9e:91:0f:62:0e
MkUserDir:s:28:/var/opt/novell/nici/nicimud
DAC2:b:20:f8:01:a8:26:f7:f4:12:53:92:0f:a8:42:24:7d:ce:3a:da:ed:40:83
NiciVersion:s:5:2.7.2
BuildDate:s:6:070214
NiciStrength:s:2:u0
}}}
!! Typical files
The files located at the appropriate [NICI File Locations] would be similar to:
{{{
drwx------ 2 root root 4096 Jun 15 2011 0
drwx------ 2 john2 enduser 4096 Jun 22 2011 113100
drwx------ 2 willej enduser 4096 May 15 13:42 118952
-rw-r--r-- 1 root root 13440 Jun 15 2011 nicifk
-rw-r--r-- 1 root root 13440 Mar 30 2009 nicifk.new
-rwsr-xr-x 1 root root 17128 Mar 30 2009 nicimud
-rwsr-xr-x 1 root root 13033 Mar 30 2009 nicimud64
-rwx------ 1 root root 115366 Mar 30 2009 primenici
-rwx------ 1 root root 124755 Mar 30 2009 primenici64
-r-x------ 1 root root 2969 Mar 30 2009 set_server_mode
-r-x------ 1 root root 2969 Mar 30 2009 set_server_mode64
-rw-r--r-- 1 root root 1222 Jun 15 2011 xarchive.000
-rw-r--r-- 1 root root 12024 Jun 15 2011 xmgrcfg.nif
-rw-r--r-- 1 root root 3853 Mar 30 2009 xmgrcfg.wks
./0:
total 28
-rw-r--r-- 1 root root 2448 May 23 23:37 nicisdi.key
-rw-r--r-- 1 root root 362 Jun 15 2011 xarchive.001
-rw-r--r-- 1 root root 12289 Jun 15 2011 xmgrcfg.ks2
-rw-r--r-- 1 root root 269 Jun 10 15:33 xmgrcfg.ks3
}}}
There may be other files that should also be backed up. These other files and subdirectories are specific to a user.
There are two other [{$pagename}] that might be present, which are used to switch to [NICI server-mode operation] when programs such as [eDirectory] are installed. The files are:
* nicifk.new
* set_server_mode (Linux/UNIX) or set_server_mode.bat (Windows)
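The following shell sketch is an added example, not part of the original page or of NICI itself: it reads ConfigDirectory from nici.cfg and reports which of the files named above are present before a backup is taken. It assumes the Name:type:length:value line layout seen in the sample nici.cfg output and the lowercase file names from the Linux listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: NICI backup pre-flight report (not Novell/NetIQ tooling).
# Assumption: nici.cfg lines look like Name:type:length:value, as in the
# sample output on this page. Function names are hypothetical.

# Print the value of one string-typed ("s") setting from a nici.cfg file.
nici_cfg_get() {  # usage: nici_cfg_get <cfg-file> <name>
    awk -F: -v k="$2" '$1 == k && $2 == "s" {
        sub(/^[^:]*:[^:]*:[^:]*:/, "")   # drop name, type and length fields
        print; exit
    }' "$1"
}

# Report which files named on this page exist under ConfigDirectory.
# Returns the number of absent files (255 if the directory is unusable).
nici_backup_preflight() {  # usage: nici_backup_preflight <cfg-file>
    dir=$(nici_cfg_get "$1" ConfigDirectory)
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "ConfigDirectory not usable: '$dir'" >&2
        return 255
    fi
    absent=0
    # Lowercase names as in the Linux listing above; nicisdi.key is in the
    # per-user directory named 0 in that listing.
    for f in nicifk xmgrcfg.nif xarchive.000 0/nicisdi.key; do
        if [ -f "$dir/$f" ]; then
            echo "PRESENT $dir/$f"
        else
            echo "ABSENT  $dir/$f"
            absent=$((absent + 1))
        fi
    done
    # Per-user directories hold user-specific material; list them so the
    # backup job can be checked against the same set.
    for d in "$dir"/*/; do
        if [ -d "$d" ]; then echo "USERDIR ${d%/}"; fi
    done
    return "$absent"
}

# Run the report when a nici.cfg path is given on the command line.
if [ "$#" -gt 0 ]; then
    nici_backup_preflight "$1"
fi
```

An ABSENT line is a prompt to check rather than a verdict: as noted above, xmgrcfg.nif is not used when NICIFK is present.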
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]