NICI Configuration Files


Materials in the NICI Configuration Files do not depend on the contents of eDirectory files. On the contrary, encrypted data in eDirectory depends on keys stored in NICI Configuration Files.

NICI Configuration Files contain the user private keys, certificates, secret store data, and NMAS store data; these will not be available if NICI Configuration Files are not properly maintained. Be certain the NICI Backup Procedures are in place.

NICI Configuration Files

NICI configuration files are located in the platform-specific NICI File Locations. The NICI Configuration Files listed below are present on all platforms. Platform-specific files and other configuration details are explained in the NICI Administration Guide.
  • nici.cfg - holds the configuration settings for NICI.
  • nicisdi.key - The actual SDI Key Private Key.
  • NICIFK - NICI license material for NICI server-mode operation.
  • Xmgrcfg.nif - NICI per-box unique keying material generated locally. Used for NICI client-mode operation and not used if NICIFK is present. (Created on first use of NICI by a privileged user.)
  • Xarchive.000 - NICI master archive. Created on first use of NICI by a privileged user.

NICI Configuration Files are Digitally Signed and are partially Encrypted. An invalid license file (NICIFK) or a client license file (xmgrcfg.wks) renders NICI nonfunctional.

The file xmgrcfg.wks was used in the previous versions of NICI in the client mode. It is no longer used or created with NICI v2.7.0 or later.

NICI v2.7.0 or later operates in NICI server-mode by default. The xmgrcfg.wks file is present if you are upgrading from a previous version of NICI. It doesn't affect the operation of NICI v2.7.0 or later.

Multiple Instances

We strongly recommend running each instance of eDirectory on the same host with different UserIds to separate their cryptographic materials using the host system's security mechanisms.

Otherwise, the server-based Security Domain Infrastructure private key will be the same for all instances.

Example Files

The nici.cfg file holds the configuration settings for NICI. Running "cat /<nici config file location>nici.cfg" will provide the locations for the files. Typical output is shown below:
# cat /etc/opt/novell/nici.cfg


Typical files

The files located at the appropriate NICI File Locations would be similar to:
drwx------ 2 root     root      4096 Jun 15  2011 0
drwx------ 2 john2   enduser   4096 Jun 22  2011 113100
drwx------ 2 willej  enduser   4096 May 15 13:42 118952
-rw-r--r-- 1 root     root     13440 Jun 15  2011 nicifk
-rw-r--r-- 1 root     root     13440 Mar 30  2009 nicifk.new
-rwsr-xr-x 1 root     root     17128 Mar 30  2009 nicimud
-rwsr-xr-x 1 root     root     13033 Mar 30  2009 nicimud64
-rwx------ 1 root     root    115366 Mar 30  2009 primenici
-rwx------ 1 root     root    124755 Mar 30  2009 primenici64
-r-x------ 1 root     root      2969 Mar 30  2009 set_server_mode
-r-x------ 1 root     root      2969 Mar 30  2009 set_server_mode64
-rw-r--r-- 1 root     root      1222 Jun 15  2011 xarchive.000
-rw-r--r-- 1 root     root     12024 Jun 15  2011 xmgrcfg.nif
-rw-r--r-- 1 root     root      3853 Mar 30  2009 xmgrcfg.wks

total 28
-rw-r--r-- 1 root root  2448 May 23 23:37 nicisdi.key
-rw-r--r-- 1 root root   362 Jun 15  2011 xarchive.001
-rw-r--r-- 1 root root 12289 Jun 15  2011 xmgrcfg.ks2
-rw-r--r-- 1 root root   269 Jun 10 15:33 xmgrcfg.ks3

There may be other files which should also be backed up. These other files and subdirectories would be specific to a user.
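
A pre-backup check built from the file list on this page, as an added example (not Novell's or this page's own tooling): it reports which of the listed files are absent and produces a SHA-256 manifest that a restored copy can be checked against. The function names, the sample tree and the manifest format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-backup check for NICI configuration files.
# File names come from this page; function names, the sample tree and the
# manifest format are assumptions of this example.

# _nici_has NAME DIR... : true if NAME exists (any case) under one of the DIRs.
# Case-insensitive because the page writes both NICIFK and nicifk.
_nici_has() {
    local name=$1; shift
    [ -n "$(find "$@" -type f -iname "$name" 2>/dev/null | head -n 1)" ]
}

# nici_missing DIR... : print each expected file that is absent; return 1 if any.
nici_missing() {
    local name rc=0
    for name in nici.cfg nicisdi.key xarchive.000; do
        _nici_has "$name" "$@" || { echo "$name"; rc=1; }
    done
    # xmgrcfg.nif is not used when NICIFK is present, so either one is enough.
    if ! _nici_has nicifk "$@" && ! _nici_has xmgrcfg.nif "$@"; then
        echo "nicifk|xmgrcfg.nif"; rc=1
    fi
    return "$rc"
}

# nici_manifest DIR : "sha256  ./path" for every file, per-user subdirectories
# included, sorted by path. Needs an account that can read those directories.
nici_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# nici_sample_tree : constructed tree with dummy contents (no real keys),
# loosely modelled on the listing above; prints its path.
nici_sample_tree() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/nici/0" "$d/nici/113100"
    echo constructed > "$d/etc/nici.cfg"
    echo constructed > "$d/nici/nicifk"
    echo constructed > "$d/nici/xarchive.000"
    echo constructed > "$d/nici/0/nicisdi.key"
    echo constructed > "$d/nici/113100/xmgrcfg.ks2"
    echo "$d"
}

# Demo on the constructed tree; on a real host pass the real directories.
demo=$(nici_sample_tree)
nici_missing "$demo/etc" "$demo/nici" && nici_manifest "$demo/nici"
rm -rf "$demo"
```

After a restore, running `sha256sum -c` on the saved manifest from inside the restored directory confirms that every file matches what was backed up.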

There are two other NICI Configuration Files that might be present, which are used to switch NICI to server-mode operation when programs such as eDirectory are installed. The files are:

  • nicifk.new
  • set_server_mode (Linux/UNIX) or set_server_mode.bat (Windows)
