6.6.1 Windows
On Windows, the custom certificate and private key files are also protected by file system trustees.
The eDirectory instrumentation certificate files to protect are
\windows_directory\dxicert.pem and \windows_directory\dxipkey.pem.
To limit access to the private key files:
1 Grant the auditor user full object rights to the key files.
2 Give the SYSTEM account read rights to the key files.
3 Do not allow inherited rights from any file to be propagated to the key files.
NOTE: The owner of a file can always change its rights, and system administrators can take
ownership of a file. Do not grant Administrator rights on the server to more users than necessary.
6.6.2 Linux and Solaris
On Linux and Solaris, the private key is stored in /etc/dxipkey.pem.
To limit access to the private key file:
1 Grant the root user rights to the file.
You can also grant rights to the auditor and the root group. Do not grant read rights to other
users of the system.
2 Assign mode 0400 to the file; verify that the owner of the file is root.
If you have granted rights to the auditor and the root group, assign mode 0440 to the file.
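The following script is an added example, not part of the product or the original guide. It audits the key file against the steps above: owner root, and mode 0400 or 0440. The function name check_key_perms and its optional owner argument are hypothetical, and the script assumes GNU stat (standard on Linux; it may not be present on Solaris).

```shell
#!/bin/sh
# Added example: audit ownership and mode of the instrumentation private key.
# Assumes GNU coreutils stat. check_key_perms is a hypothetical helper name.
# Usage: check_key_perms [key_file] [expected_owner]
#   returns 0 = compliant, 1 = wrong owner or mode, 2 = missing or not a plain file

check_key_perms() {
    key_file=${1:-/etc/dxipkey.pem}
    want_owner=${2:-root}

    # A symlink could redirect the check to a file with different rights.
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "ERROR: $key_file is missing or not a regular file" >&2
        return 2
    fi

    owner=$(stat -c '%U' "$key_file")
    group=$(stat -c '%G' "$key_file")
    mode=$(stat -c '%a' "$key_file")    # octal, e.g. 400 or 440

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner" >&2
        rc=1
    fi

    case "$mode" in
        400)
            ;;  # owner read only: the default recommendation
        440)
            # Acceptable only when the auditor and root group were granted rights.
            echo "NOTE: group '$group' can read $key_file; confirm this is intended" >&2
            ;;
        *)
            echo "FAIL: mode is $mode, expected 400 (or 440 with group access)" >&2
            rc=1
            ;;
    esac

    return $rc
}
```

Run it as root with no arguments to check /etc/dxipkey.pem, for example from a scheduled job that alerts on a non-zero return code.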
Identity Manager 3.6 Integration Guide for Novell Audit