Overview#
Materials in the NICI Configuration Files don't depend on the contents of eDirectory files. Conversely, encrypted data in eDirectory depends on keys stored in the NICI Configuration Files. User private keys, certificates, secret store data, and NMAS store data will not be available if the NICI Configuration Files are not properly maintained. Be certain the NICI Backup Procedures are in place.
NICI Configuration Files#
NICI configuration files are located in the platform-specific NICI File Locations. The NICI Configuration Files listed below are present on all platforms. Platform-specific files and other configuration details are explained in the NICI Administration Guide.
- nici.cfg - holds the configuration settings for NICI.
- nicisdi.key - The actual SDI Key Private Key.
- NICIFK - NICI license material for NICI server-mode operation.
- Xmgrcfg.nif - NICI per-box unique keying material generated locally. Used for NICI client-mode operation and not used if NICIFK is present. (Created on first use of NICI by a privileged user.)
- Xarchive.000 - NICI master archive. Created on first use of NICI by a privileged user.
The file xmgrcfg.wks was used in previous versions of NICI in client mode. It is no longer used or created with NICI v2.7.0 or later.
NICI operates in NICI server-mode operation by default in NICI v2.7.0 or later. The xmgrcfg.wks file is present if you are upgrading from a previous version of NICI. It doesn't affect the operation of NICI v2.7.0 or later.
Multiple Instances #
We strongly recommend running each instance of eDirectory on the same host under a different UserId, so that the host system's security mechanisms keep their cryptographic materials separate. Otherwise, the server-based Security Domain Infrastructure private key will be the same for all instances.
Example Files#
The nici.cfg file holds the configuration settings for NICI. Running "cat /<nici config file location>nici.cfg" will provide the locations for the files. Typical output is shown below:

```
# cat /etc/opt/novell/nici.cfg
ConfigDirectory:s:20:/var/opt/novell/nici
SharedLibrary:s:9:/opt/novell/lib/libccs2.so
DAC:b:20:a4:6f:1d:c2:29:c5:fc:a8:50:7f:fd:0c:d6:19:a6:9e:91:0f:62:0e
MkUserDir:s:28:/var/opt/novell/nici/nicimud
DAC2:b:20:f8:01:a8:26:f7:f4:12:53:92:0f:a8:42:24:7d:ce:3a:da:ed:40:83
NiciVersion:s:5:2.7.2
BuildDate:s:6:070214
NiciStrength:s:2:u0
```
Typical files#
The files located at the appropriate NICI File Locations would be similar to:

```
drwx------ 2 root root 4096 Jun 15 2011 0
drwx------ 2 john2 enduser 4096 Jun 22 2011 113100
drwx------ 2 willej enduser 4096 May 15 13:42 118952
-rw-r--r-- 1 root root 13440 Jun 15 2011 nicifk
-rw-r--r-- 1 root root 13440 Mar 30 2009 nicifk.new
-rwsr-xr-x 1 root root 17128 Mar 30 2009 nicimud
-rwsr-xr-x 1 root root 13033 Mar 30 2009 nicimud64
-rwx------ 1 root root 115366 Mar 30 2009 primenici
-rwx------ 1 root root 124755 Mar 30 2009 primenici64
-r-x------ 1 root root 2969 Mar 30 2009 set_server_mode
-r-x------ 1 root root 2969 Mar 30 2009 set_server_mode64
-rw-r--r-- 1 root root 1222 Jun 15 2011 xarchive.000
-rw-r--r-- 1 root root 12024 Jun 15 2011 xmgrcfg.nif
-rw-r--r-- 1 root root 3853 Mar 30 2009 xmgrcfg.wks

./0:
total 28
-rw-r--r-- 1 root root 2448 May 23 23:37 nicisdi.key
-rw-r--r-- 1 root root 362 Jun 15 2011 xarchive.001
-rw-r--r-- 1 root root 12289 Jun 15 2011 xmgrcfg.ks2
-rw-r--r-- 1 root root 269 Jun 10 15:33 xmgrcfg.ks3
```

There may be other files that should also be backed up. The other files and subdirectories would be specific to a user.
There are two other NICI Configuration Files that might be present, which are used to switch to NICI server-mode operation when programs such as eDirectory are installed. The files are:
- nicifk.new
- set_server_mode (Linux/UNIX) or
- set_server_mode.bat (Windows)
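As an added example (not part of the original page or of NICI itself), the following Python sketch reads ConfigDirectory from nici.cfg and builds a backup manifest covering the per-user subdirectories, so a backup can be checked for the core files listed earlier on this page. It assumes, from the sample output only, that each line is `Name:type:length:value` with `s` for strings and `b` for colon-separated hex bytes; the function names are hypothetical.

```python
import hashlib
import os
import stat

# File names taken from the list on this page; matched case-insensitively.
CORE_FILES = ("nicifk", "xmgrcfg.nif", "xarchive.000", "nicisdi.key")

def parse_nici_cfg(text):
    """Parse 'Name:type:length:value' lines (format inferred from the sample).

    The declared length is read but not enforced.
    """
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 3)
        if len(parts) != 4:
            continue  # skip blank or unrecognized lines
        name, kind, _length, value = parts
        if kind == "b":  # assumed: colon-separated hex bytes
            value = bytes.fromhex(value.replace(":", ""))
        settings[name] = value
    return settings

def backup_manifest(config_dir):
    """Return one record per regular file under config_dir, subdirectories included."""
    records = []
    for root, dirs, files in os.walk(config_dir):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(root, name)
            info = os.lstat(path)
            if not stat.S_ISREG(info.st_mode):
                continue  # ignore symlinks, sockets, devices
            with open(path, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
            records.append({
                "path": os.path.relpath(path, config_dir),
                "mode": stat.filemode(info.st_mode),
                "uid": info.st_uid,
                "size": info.st_size,
                "sha256": digest,
            })
    return records

def missing_core_files(records, expected=CORE_FILES):
    """List expected file names that appear nowhere in the manifest."""
    present = {os.path.basename(r["path"]).lower() for r in records}
    return [name for name in expected if name not in present]
```

Run it as a user who can read every subdirectory (the per-user directories in the listing are mode `drwx------`), and store the manifest with the backup so a restore can be compared against it.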