HP-UX Directory Server 8.1 administrator guide
NOTE:
To find out what the Administration Server user ID is, run grep in the Administration
Server configuration directory:
cd /etc/opt/dirsrv/admin-serv
grep \^User console.conf
3. In the /etc/opt/dirsrv/admin-serv directory, edit the nss.conf file to point to the
location of the new password file.
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program ('builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
NSSPassPhraseDialog file:/etc/opt/dirsrv/admin-serv/password.conf
4. Restart the Administration Server.
/opt/dirsrv/sbin/restart-ds-admin
For more information about the commands to start, stop, and restart the Directory Server,
see “Starting and stopping servers”.
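The following check is an added example, not part of the HP guide. It reads the User directive from console.conf and the NSSPassPhraseDialog directive from nss.conf, then confirms that the referenced password file exists and is owned by the Administration Server user. The function name check_pin_file and the rule that the file must grant no group or other permissions are assumptions of this example.

```shell
# Added example (not from the guide): audit the pass-phrase file wiring.
# Usage: check_pin_file [config_dir]   -> returns 0 only if every check passes
check_pin_file() {
    conf_dir=${1:-/etc/opt/dirsrv/admin-serv}
    rc=0

    # Administration Server user ID: the "User" directive in console.conf.
    run_as=$(awk '$1 == "User" { print $2; exit }' "$conf_dir/console.conf")
    # Active (uncommented) NSSPassPhraseDialog directive in nss.conf.
    dialog=$(awk '$1 == "NSSPassPhraseDialog" { print $2; exit }' "$conf_dir/nss.conf")

    if [ -z "$run_as" ]; then
        echo "FAIL: no User directive found in $conf_dir/console.conf"
        return 1
    fi
    case $dialog in
        file:/*) pin_file=${dialog#file:} ;;
        *)  echo "FAIL: NSSPassPhraseDialog is '${dialog:-unset}', expected file:/path"
            return 1 ;;
    esac
    if [ ! -f "$pin_file" ]; then
        echo "FAIL: $pin_file is missing or not a regular file"
        return 1
    fi

    # Parse ls -ld rather than stat(1), which differs between platforms.
    perms=$(ls -ld "$pin_file" | awk '{ print $1 }')
    owner=$(ls -ld "$pin_file" | awk '{ print $3 }')

    if [ "$owner" != "$run_as" ]; then
        echo "FAIL: $pin_file is owned by $owner, server runs as $run_as"
        rc=1
    fi
    # Assumed policy: no permission bits at all for group or other.
    case $perms in
        ????------*) ;;
        *)  echo "FAIL: $pin_file mode $perms grants group/other access"
            rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $pin_file owned by $owner, mode $perms"
    return "$rc"
}
```

Run it as check_pin_file with no argument to audit /etc/opt/dirsrv/admin-serv before restarting the Administration Server.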
12.5 Using external security devices
A security module serves as a medium between the Directory Server and the SSL layer. The
module stores the keys and certificates used for encryption and decryption. The standard that
defines these modules is Public Key Cryptography Standard (PKCS) #11, so these modules are
PKCS #11 modules.
By default, Directory Server uses built-in security databases, key3.db and cert8.db, to store
the keys and certificates used by the servers.
It is also possible to use external security devices to store Directory Server certificates and keys.
For Directory Server to use an external PKCS #11 module, the module's drivers must be installed
in Directory Server.
To install an external security device:
1. Connect the device, and install its drivers on the server machine.
2. Open the Directory Server Console for the server instance with which to use the security
device.
3. In the top navigation menu, open Console, select Security, and then select the Configure
Security Modules item.
4. In the window, click the Install button.
5. In the configuration box, enter the full path to the driver file for the device and the name
for the module.
6. Click OK to save the new module driver.
12.6 Setting security preferences
The Directory Server supports several different ciphers, and the user sets the type of ciphers to
use for TLS/SSL communications. A cipher is the algorithm used in encryption. Some
ciphers are more secure, or stronger, than others. Generally speaking, the more bits a cipher uses
during encryption, the more difficult it is to decrypt the key.
When a client initiates a TLS/SSL connection with a server, the client tells the server what ciphers
it prefers to use to encrypt information. In any two-way encryption process, both parties must