Step B. Facilitate The Key Recovery Agents To Change The Passwords; Step C. Determine The Authorization Mode For Key Recovery; Step D. Customize The Key Recovery Form; Step E. Configure Key Recovery Policies - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Step B. Facilitate the Key Recovery Agents to Change the
Passwords
During the installation of Data Recovery Manager, after you specified the m of n
scheme, you were also prompted to provide unique passwords for each recovery
agent. It is quite likely that you specified these passwords yourself instead of it
being done by those individuals who have been designated with the key recovery
agents' role in your organization. Therefore, you must get the designated recovery
agents to change the passwords entered during installation.
• To understand the significance of key recovery agents' passwords, see "Key
Recovery Agents and Their Passwords" on page 741.
• To get the recovery agents to change the passwords, follow the instructions in
"Changing Key Recovery Agents' Passwords" on page 749.

Step C. Determine the Authorization Mode for Key Recovery

The Data Recovery Manager allows key recovery agents to authorize recovery of
an end user's encryption private key locally or remotely. The default configuration
is local authorization. It is important that you evaluate both the authorization
modes, and choose the one that is appropriate for your organization. For more
information about this, see "Local Versus Remote Key Recovery Authorization" on
page 743.
If want the key recovery agents to authorize key recovery remotely, be sure to set
them up as Data Recovery Manager agents following the instructions in "Setting
Up Agents" on page 406.

Step D. Customize the Key Recovery Form

Key recovery agents need an appropriate interface to initiate the key recovery
process. By default, the Data Recovery Manager's Agent Services interface includes
an HTML form (
recoverKey.html
key recovery process and retrieve users' encryption keys. For details about this
form, check CMS Customization Guide.
If you want to customize this form to suit your organization, be careful not to
delete any of the information that is vital to the functioning of the form; it is
recommended that you restrict your changes to the content presented in the form.

Step E. Configure Key Recovery Policies

This step is optional.
Configuring Key Archival and Recovery Process
) that allows key recovery agents to initiate the
Chapter 22 Setting Up Key Archival and Recovery 759