NICISDI: Security Domain Infrastructure

NICISDI stands for NICI Security Domain Infrastructure. This module is responsible for managing domain keys, where a domain is typically defined as the whole tree. In the future, it will also be possible to define a domain as a directory partition or as a custom domain.

Up to NICI version 1.5.x, NICI supports a single partition key, the partition being the whole tree. Starting with NICI version 2.0.1, NICI can manage multiple partition keys of varying strengths and algorithms. Such keys are called Security Domain keys. On NetWare®, Windows, and libniciext.so on UNIX platforms, the module manages security domain keys in coordination with NICI. Various other services rely on the availability of security domain keys, including but not limited to SecretStore/Single-Sign-On, PKI (Certificate Server), and NMAS.

The NICISDI module is unrelated to the SASDFM module. SASDFM manages session keys between two boxes, typically between a client and a server. Both modules are loaded during autoexec.ndf processing on NetWare. Loading these modules more than once is controlled and should not cause problems if NICI 1.5.5 or newer is installed on the system.

Security domain servers manage security domain keys. Any server can be configured as a security domain server. There can be multiple security domain servers in a tree. Security domain keys are not intended for clients.

One tree key is installed by an eDirectory installation. The tree key is created or retrieved from the security domain key server during the server installation.