Securing NICI keys using eDirectory Server

Author: Ankit Gupta

Introduction

Novell International Cryptographic Infrastructure (NICI) keys are used by many modules for security purposes. NICI keys (OS-specific and user-specific) are stored in the file system. Backing up the NICI keys is recommended, because they are needed to decode other modules' security keys.

This paper discusses the tools and steps for backing up and restoring NICI keys.

Benefits of backing up NICI keys

  • Used in migrating from NetWare to Linux
  • Used for encoding and decoding other modules' secret keys.

Tool Availability

  • eDirectory 8.8 SP5 or later

Tools for backing up NICI keys

  • eDirectory Management Tool Box (eMBox)
  • eDirectory Backup script (DSBK)
  • iManager

Steps for backing up NICI keys on Linux

Back up the NICI keys using any of the following:

  1. eMBox
    • edirutil -i
    • login -s IP_Server -u USER_FDN -w USER_PASSWORD -p 8028 -n
    • backup -f backup_file -l log_file -e nici_passwd
  2. eDirectory backup script (DSBK)
    • dsbk backup -f backup_file -l log_file -e nici_passwd
  3. iManager (browser-based)
    • Click eDirectory Maintenance --> Backup.
    • Provide the server details and click Next.
    • Enter the credentials and click Next.
    • On the next (third) page, a NICI check box is present for eDirectory 8.8.5 or above. Select the check box and enter the NICI password in the text box below it (the text box is disabled by default and is enabled only when the NICI check box is selected).
    • Click Next and complete the backup.

Steps for restoring NICI keys on Linux

Restore the NICI keys using any of the following:

  1. eMBox
    • edirutil -i
    • login -s IP_Server -u USER_FDN -w USER_PASSWORD -p 8028 -n
    • restore -f backup_file -l log_file -e nici_passwd
  2. eDirectory backup script (DSBK)
    • dsbk restore -f backup_file -l log_file -e nici_passwd
  3. iManager
    • Click eDirectory Maintenance --> Restore.
    • Provide the server details and click Next.
    • On the next (second) page, a NICI check box is present for eDirectory 8.8.5 or above. Select the check box and enter the NICI password in the text box below it (the text box is disabled by default and is enabled only when the NICI check box is selected).
    • Click Next and complete the restore.

Important to note:

  • When restoring the eDirectory DIB and the NICI keys together, restore the NICI keys alone first, restart the ndsd server, and then restore the eDirectory DIB.
  • The NICI key encryption password can be provided in the following ways:
    1. Clear text with the pass keyword ( -e pass:password)
    2. Inside a file ( -e file_name_with_path)
    3. Clear text ( -e password)
  • The NICI keys are encrypted and stored in the given backup file. NICI keys can be backed up along with a full DIB backup as well as with an incremental backup.
  • At restore time, the user must provide with the -e option the same NICI password that was given at the time of backup.
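
The following wrapper is an added example, not part of the original article or of eDirectory. It runs the DSBK backup and restore commands shown above with the password-file form of -e, so the NICI password does not appear in the process list or shell history, and it refuses a password file that group or other users can access. The names nici_dsbk, pwfile_is_private and the DSBK variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. Runs the article's
# "dsbk backup|restore ... -e file_name_with_path" form so the NICI
# password never appears on the command line.
# Assumption: DSBK names the dsbk binary; override it for a dry run.
DSBK="${DSBK:-dsbk}"

# Succeeds only if the file exists and grants nothing to group/other.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# nici_dsbk backup|restore BACKUP_FILE LOG_FILE PASSWORD_FILE
nici_dsbk() {
    action=$1 backup_file=$2 log_file=$3 pw_file=$4
    case "$action" in
        backup|restore) ;;
        *) echo "usage: nici_dsbk backup|restore BACKUP LOG PWFILE" >&2
           return 2 ;;
    esac
    if ! pwfile_is_private "$pw_file"; then
        echo "refusing: $pw_file is missing or open to group/other" >&2
        return 3
    fi
    # Files created by this run (the backup holds the encrypted NICI
    # keys) are made owner-only by the restrictive umask.
    ( umask 077
      "$DSBK" "$action" -f "$backup_file" -l "$log_file" -e "$pw_file" )
}
```

Because the same password is required at restore time, store the password file separately from the backup file it protects.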


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.





© 2013 Novell