1.0 Introduction

Novell International Cryptography Infrastructure (NICI) is the Novell solution for a cross-platform, policy-driven, independently certified, and extensible cryptography service. NICI is the cryptography module that provides keys, algorithms, various key storage and usage mechanisms, and a large-scale key management system.

NICI controls the introduction of algorithms and the generation and use of keys. NICI allows a single commodity version of security products to be produced for worldwide consumption that supports strong cryptography and multiple cryptographic technologies. Initial services built on this infrastructure are eDirectory, Novell Modular Authentication Service (NMAS), Novell Certificate Server, Novell SecretStore, and TLS/SSL.

NICI first shipped with NetWare 5.0. This document is provided to help resolve NICI issues found in the field or during testing of various Novell or third-party products. A particular product might use NICI directly or indirectly via another module (NLM, DLL, so, etc.).

WARNING:All actions described here can cause unrecoverable data loss and must be executed with the full knowledge of such an action. Most NICI problems, as well as solutions, have implications in other products. It might not be easy to predict the effects of taking a NICI action. NICI is one of the most critical services in the system and if it is inoperable, it typically renders the system inoperable, as well as causing permanent and unrecoverable damage. If certain NICI keys are irrecoverably lost, even backed-up data might be useless, because it can’t be decrypted.

The contents of this document do not guarantee a fix. All information is advisory.

Table 1-1 provides a general orientation of where files are kept in the NICI directory for each platform.

Table 1-1 NICI Directory

Platform

Shared Library Location

NICI Configuration Directory

NICI User Directory

NetWare

c:\nwserver

sys:\system\nici

sys:\system\nici

Microsoft* Windows* (32-bit)

%SystemRoot%\System32

%SystemRoot%\System32\Novell\NICI (See %systemroot%/system32)

%SystemRoot%\System32\Novell\NICI (See Section 3.0, NICI Setup)

Microsoft Windows (64-bit)

%systemroot%\syswow64

%systemroot%\syswow64\Novell\NICI (See %systemroot%/syswow64)

%systemroot%\syswow64\Novell\NICI (See %systemroot%/syswow64)

UNIX*

/opt/novell/lib

/var/opt/novell/nici (See Section 3.0, NICI Setup)

/var/opt/novell/nici/ (See Section 3.0, NICI Setup)

Linux* (32-bit)

/opt/novell/lib

/var/opt/novell/nici (See /opt/novell/lib/libccs2.so*)

/var/opt/novell/nici (See Section 3.0, NICI Setup)

Linux (64-bit)

/opt/novell/lib64

/var/opt/novell/nici (See /opt/novell/lib64/libccs2.so*)

/var/opt/novell/nici (See Section 3.0, NICI Setup)

Solaris* (32-bit)

/opt/novell/lib

/usr/lib (See /opt/novell/lib)

/var/opt/novell/nici (See Section 3.0, NICI Setup)

Solaris 64-bit

/opt/novell/lib/sparcv9

/usr/lib/sparcv9 (See /opt/novell/lib/sparcv9)

/var/opt/novell/nici (See Section 3.0, NICI Setup)

NICI v2.7.0 and later on UNIX platforms is LSB-compliant.