Environment
Novell eDirectory 8.8 for All Platforms
Situation
The Distribution Password is protected in the same way as the Universal Password, as follows:
- The Distribution Password and Universal Password are encrypted using a user-specific 3DES key, which is referred to as the Password Key.
- The Password Key is wrapped/encrypted using the 3DES Tree Key. This key is sometimes referred to as the SDI Key.
- The Tree Key is held by every eDirectory server in the tree.
- The Tree Key is wrapped/encrypted using the server-specific 3DES Storage Key.
- The Storage Key is obfuscated and stored on the disk.
Section 2.6.4.1, "Key Storage Keys," of the NICI FIPS Security Policy provides some additional information regarding the Key Storage Key. That document can be found on the NIST web site at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp769.pdf