Service manual
Appendix B Using the Sun Crypto Accelerator Board
secadm> set realm=dsrealm
secadm{dsrealm}> su
System Administrator Login Required
Login: super-user
Password:
secadm{root@dsrealm}#
4. Create the user nobody to use the default slot, supplying the password used
when restarting Directory Server with SSL configured.
secadm{root@dsrealm}# create user=nobody
Initial password: password
Confirm password: password
User nobody created successfully.
secadm{root@dsrealm}# exit
At this point you have created the user and realm for the token nobody@dsrealm,
and supplied a password used when restarting Directory Server.
Generating Bindings for the Board
Bindings for the accelerator board take the form of an external security module you
generate so Directory Server may bind to the board. Perform the following steps to
generate a binding between the external security module and Directory Server
certificate database with support for several SSL algorithms.
1. Set LD_LIBRARY_PATH before using modutil.
$ LD_LIBRARY_PATH=ServerRoot/lib ; export LD_LIBRARY_PATH
2. Create a security module database if none exists.
$ cd ServerRoot/shared/bin
$ ./modutil -create -dbdir ../../alias -dbprefix "slapd-serverID"
3. Add the external security module to the security module database.
$ ./modutil -add "Crypto Mod" -dbdir ../../alias -nocertdb \
-libfile CryptoPath/lib/libpkcs11.so \
-mechanisms "RSA:DSA:RC4:DES" -dbprefix "slapd-serverID"
The default CryptoPath is /opt/SUNWconn/crypto.
4. List the security modules to ensure the add succeeded.
$ ./modutil -list -dbdir ../../alias -dbprefix "slapd-serverID"
You should see an entry for the Crypto Mod you added in Step 3.
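The check in Step 4 can be scripted so that it also confirms which library the entry loads. The following is an added example, not part of the original manual: check_module and sample_listing are hypothetical names, the listing is constructed, and the layout of the modutil -list output (numbered entries, each followed by a "library name:" line) is an assumption.

```shell
# check_module NAME LIBFILE   (reads `modutil -list` output on stdin)
#   0: NAME is registered and loads LIBFILE
#   1: NAME is not in the security module database
#   2: NAME is registered but loads a different library
# Assumption: each entry is "  N. <name>" followed by an indented
# "library name: <path>" line.
check_module() {
    awk -v name="$1" -v lib="$2" '
        /^[ \t]*[0-9]+\.[ \t]/ {              # start of a module entry
            entry = $0
            sub(/^[ \t]*[0-9]+\.[ \t]+/, "", entry)
            sub(/[ \t]+$/, "", entry)
            in_mod = (entry == name)
            if (in_mod) found = 1
            next
        }
        in_mod && /library name:/ {           # library of the wanted entry
            path = $0
            sub(/^.*library name:[ \t]*/, "", path)
            sub(/[ \t]+$/, "", path)
            if (path == lib) ok = 1
        }
        END { if (!found) exit 1; if (!ok) exit 2; exit 0 }
    '
}

# Constructed sample listing (not captured from a real server).
sample_listing() {
    cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded
  2. Crypto Mod
        library name: /opt/SUNWconn/crypto/lib/libpkcs11.so
         slots: 1 slot attached
        status: loaded
-----------------------------------------------------------
EOF
}

# Real use, from ServerRoot/shared/bin (placeholders as in the steps above):
#   ./modutil -list -dbdir ../../alias -dbprefix "slapd-serverID" |
#       check_module "Crypto Mod" /opt/SUNWconn/crypto/lib/libpkcs11.so
sample_listing | check_module "Crypto Mod" /opt/SUNWconn/crypto/lib/libpkcs11.so \
    && echo "Crypto Mod binding verified"
```

A return code of 2 means the entry exists but points at a library other than the one passed with -libfile in Step 3.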