Complete Contents
About This Guide
PART 1: Netscape Certificate Management System
Chapter 1: Introduction to Certificate Management System
Chapter 2: Administration Tasks and Tool
Chapter 3: Configuration
PART 2: Managing Certificate Management System
Chapter 4: Installing and Uninstalling CMS Instances
Chapter 5: Starting and Stopping CMS Instances
PART 3: System-Level Configuration
Chapter 6: Configuring Ports, Database, and SMTP Settings
Chapter 7: Managing Privileged Users and Groups
Chapter 8: Keys and Certificates
PART 4: Authentication
Chapter 9: Introduction to Authentication
Chapter 10: Authentication Modules for End-Entity Enrollment
Chapter 11: Using the PIN Generator Tool
Chapter 12: Configuring Authentication for End Users
Chapter 13: Developing Custom Authentication Modules
PART 5: Job Scheduling and Notification
Chapter 14: Introduction to Job Scheduling and Notifications
Chapter 15: Configuring Schedulable Jobs
PART 6: Policies
Chapter 16: Introduction to Policy
Chapter 17: Constraints-Specific Policy Modules
Chapter 18: Extension-Specific Policy Modules
Chapter 19: Configuring a Subsystem's Policies
PART 7: Publishing
Chapter 20: Introduction to Publishing Certificates and CRLs
Chapter 21: Modules for Publishing Certificates and CRLs
Chapter 22: Configuring a Certificate Manager for Publishing
PART 8: Agent and End-Entity Interfaces
Chapter 23: Introduction to End-Entity and Agent Interfaces
Chapter 24: Customizing End-Entity and Agent Interfaces
PART 9: Logs
Chapter 25: Introduction to Logs
Chapter 26: Managing Logs
PART 10: Issuance and Management of End-Entity Certificates
Chapter 27: Issuing and Managing End-Entity Certificates
Chapter 28: Recovering Encrypted Data
PART 11: Appendixes
Appendix A: Distinguished Names
Appendix B: Backing Up and Restoring Data
Appendix C: Command-Line Utilities
Appendix D: Certificate Database Tool
Appendix E: Key Database Tool
Appendix F: Netscape Signing Tool
Appendix G: SSL Strength Tool
Appendix H: SSL Debugging Tool
Netscape Certificate Management System Administrator's Guide: Starting and Stopping CMS Instances
Previous Next Contents Index Bookshelf


Chapter 5 Starting and Stopping CMS Instances

This chapter describes how to start, stop, and restart Netscape Certificate Management System (CMS) and how to check its current status. The chapter also explains the CMS watchdog process, a native bootstrapping program that enables Certificate Management System to start up with a single password instead of multiple ones.

The chapter has the following sections:

 Note You can use the CMS window only when the appropriate Administration Server is running. Be sure to start Administration Server at the port you specified during CMS installation. To minimize security risks, shut down Administration Server when you have finished using Netscape Console. For instructions on starting and shutting down Administration Server, see "Netscape Administration Server".


Starting Certificate Management System
Once Certificate Management System is installed, it runs constantly, listening for and accepting requests. You can start Certificate Management System in several ways:

 Required Start-up Information

When you start Certificate Management System, you are prompted to enter the single sign-on password you specified during installation. This password enables the CMS watchdog (see "CMS Watchdog Process") to retrieve all the passwords required by the server to start. These include the following:

You first specified these passwords when you installed Certificate Management System. Keep in mind that the passwords you provide for the tokens unlock a combination of the following private keys:

 For more information about the CMS keys and certificates, see "Keys and Certificates".

Note that during CMS installation, the watchdog stores all the passwords, required by the server for starting up, in a password cache. The cache is maintained in a file encrypted using the single sign-on password you specify during installation. When you change any of the required passwords or provide new passwords, you must start the server from the command-line (see "Starting From the Command Line") so that the watchdog can prompt you for the new passwords in order to update the cache.

The single sign-on password eliminates the need for you to enter the various password when starting up Certificate Management System. As a security measure, you should consider changing the single sign-on password periodically. For instructions, see "Changing the Single Sign-On Password".

Also note that all passwords used in Certificate Management System are checked by a built-in password-quality checker; for details, see "Password- Quality Checker".

Configuring the Server to Start Without the Single Sign-On Password

If you prefer to start up Certificate Management System by entering all the required passwords, instead of just the single sign-on password, you can do so by either deleting or renaming the password cache file, pwcache.p12 (notice the .p12 extension).

Here's how you can do it:

  1. Go to this directory: <server_root>/cert-<instance_id>/config
    2.

  2. Locate the pwcache.p12 file.

  3. Either rename or delete the file.

  4. Start the server from the command line; see "Starting From the Command Line".

    5. You are prompted for all the required passwords.

Later, if you want to revert back to starting the server using the single sign-on password:
  1. Create a password cache by following the instructions in "Creating a New Password Cache".

  2. Create entries for all the required passwords by following the instructions in "Adding a New Entry to the Password Cache".

  3. Copy the file to the <server_root>/cert-<instance_id>/config directory.

  4. Start the server from the command line; see "Starting From the Command Line".

    5. You are prompted for the single sign-on password.

Configuring the Server to Read the Single Sign-on Password From a File

Every time you start Certificate Management System, you are required to enter either the single sign-on password or all the passwords required by the server to startup (see "Required Start-up Information"and "Configuring the Server to Start Without the Single Sign-On Password"). If it is inconvenient for you to start the server this way, you can store the single sign-on password in a file and configure the server to start by reading the password from that file.

This configuration eliminates the need for you to enter the single sign-on password every time you start the server. Also, if you have remote access to the rebooted system, you can restart the server without sending the single-sign-on password over the net.

 Caution The instructions that follow explain how to configure Certificate Management System to start by reading the single sign-on password from a file. Note that the password is stored in a plain text file and you must use your operating system's security feature to secure this file. Failing to do so poses a security risk, as anyone who has access to the host system will be able to get hold of the single sign-on password.

To configure the server to start by reading the single sign-on password from a file:

  1. Create a file named pwfile.
    2.

  2. Put the single sign-on password in the file.

  3. Copy the file to the <server_root>/cert-<instance_id>/config directory.

  4. Edit the start-cert script.

    5. To edit the start-cert script in Unix, follow these steps:

    1. Open a command-line window.
      2.

    2. Go to the CMS-instance directory. For example, /usr/netscape/server4/cert-testCA.

    3. Enter the following line at the prompt:

      4. cat start-cert

      You should see something similar to this:

      #!/bin/sh

      /usr/netscape/server4/bin/cert/admin/bin/start -i testCA
      -r /usr/netscape/server4 -e -classpath

      /usr/netscape/server4/bin/cert/classes:/usr/netscape/
      server4/bin/cert/jars/jss.jar:/usr/netscape/server4/bin/
      cert/jars/certsrv.jar:usr/netscape/server4/java/
      ldapjdk.jar:/usr/netscape/server4/bin/cert/jre/lib/
      rt.jar:/usr/netscape/server4/bin/cert/jre/lib/i18n.jar:/
      usr/netscape/server4/bin/cert/jars/jssjdk12.jar

    4. Edit the script to include the file path to the pwfile file. Be sure to include the file path as shown in the example (shown in bold).

      5. #!/bin/sh

      /usr/netscape/server4/bin/cert/admin/bin/start -i testCA
      -f config/pwfile -r /usr/netscape/server4 -e -classpath

      /usr/netscape/server4/cert-testCA/classes/:/usr/netscape/
      server4/bin/cert/classes/:/usr/netscape/server4/bin/cert/
      jars/jss.jar:/usr/netscape/server4/bin/cert/jars/
      certsrv.jar:/usr/netscape/server4/java/ldapjdk.jar:/usr/
      netscape/server4/bin/cert/jre/lib/rt.jar:/usr/netscape/
      server4/bin/cert/jre/lib/i18n.jar:/usr/netscape/server4/
      bin/cert/jars/jssjdk12.jar

    To edit the start-cert.bat script in Windows NT, follow these steps:

    1. Open a command-line window.
      2.

    2. Go to the CMS instance directory. For example, C:\netscape\server4\cert-testCA.

    3. Enter the following line at the prompt:

      4. type start-cert.bat

      You should see something similar to this:

      net start cert-testCA /cC:\Netscape\Server4\cert-
      testCA\classes\;C:\Netscape\Server4\bin\cert\classes\;C:\
      Netscape\Server4\bin\cert\jars\jss.jar;C:\Netscape\Server
      4\bin\cert\jars\certsrv.jar;C:\Netscape\Server4\java\ldap
      jdk.jar;C:\Netscape\Server4\bin\cert\jre\lib\rt.jar;C:\Ne
      tscape\Server4\bin\cert\jre\lib\i18n.jar;C:\Netscape\Serv
      er4\bin\cert\jars\jssjdk12.jar;C:\Netscape\Server4\java\s
      wingall.jar

    4. Edit the script to include the file path to the pwfile file. Be sure to include the file path as shown in the example (shown in bold).

      5. net start cert-testCA /fC:\Netscape\Server4\cert-
      testCA\config\pwfile /cC:\Netscape\Server4\cert-
      testCA\classes\;C:\Netscape\Server4\bin\cert\classes\;C:\
      Netscape\Server4\bin\cert\jars\jss.jar;C:\Netscape\Server
      4\bin\cert\jars\certsrv.jar;C:\Netscape\Server4\java\ldap
      jdk.jar;C:\Netscape\Server4\bin\cert\jre\lib\rt.jar;C:\Ne
      tscape\Server4\bin\cert\jre\lib\i18n.jar;C:\Netscape\Serv
      er4\bin\cert\jars\jssjdk12.jar;C:\Netscape\Server4\java\s
      wingall.jar

    5. Save your changes.

  5. Use your operating system's security feature to restrict access to the password file.
    6.

  6. Restart the server from the command line; see "Starting From the Command Line".

    7. It should start without prompting for the single sign-on password.

Starting From Netscape Console

You can use Netscape Console to start an instance of Certificate Management System running on a local or remote host.

To start Certificate Management System from Netscape Console:
  1. Log in to Netscape Console (see "Logging In to Netscape Console").

  2. In the Console tab, select the Server Group that contains the CMS instance you want to start.

  3. In the navigation tree, locate the CMS instance you want to start.

  4. Select the instance, right-click, and select the Start Server option from the pop-up menu.

    5. When you start Certificate Management System, you are prompted to supply the single sign-on password for the server.

  5. Type the single sign-on password you specified during installation and click OK.
    6.

    Certificate Management System won't start until you provide this password. For more information, see "Required Start-up Information".

Starting From the Command Line

To start Certificate Management System from the command line:

  1. Open a terminal window to your server.
    2.

  2. In a Unix system, log in as root if the server runs on ports less than 1024; otherwise, log in either as root or with the server's user account.

  3. At the command-line prompt, enter the following line:

    4. <server_root>/cert-<instance_id>/start-cert[.bat]

    .bat specifies the file extension; this is required only when running the utility on a Windows NT system.

    <server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.

    <instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.

  4. When prompted, enter the single sign-on password.
    5.

    Certificate Management System won't start until you provide this password. For more information, see "Required Start-up Information".

Note If Certificate Management System is already running, the start-up command fails. Stop the server first using the stop-cert command, then use the start- cert command.

Starting From the Windows NT Services Panel

If you have installed Certificate Management System on a Windows NT system, you can start the server (as a service) from the Windows NT Services panel (see Figure 5.1). The CMS service has the following name:

Netscape Certificate Management System (cert-<instance_id>)

 To start Certificate Management System from the Windows NT Services panel:
  1. Click the Start button on your desktop.
    2.

  2. Select Control Panel from Settings.

  3. In the Control Panel window that appears, click Services.

  4. Select the CMS instance and click Start.

    5. You are prompted to supply the single sign-on password for the server.

  5. Enter the single sign-on password you specified during installation and click OK.
    6.

    Certificate Management System won't start until you provide this password. For more information, see "Required Start-up Information".


Stopping Certificate Management System
You can stop Certificate Management System in several ways:

 Stopping Certificate Management System shuts down all the subsystems completely, interrupting service until the server is started again. If your machine crashes or is taken offline, the server stops, and any requests it was servicing are lost. You need to start the server again to restore service.

 Stopping From Netscape Console

You can use Netscape Console to stop an instance of Certificate Management System running on a local or remote host.

To stop Certificate Management System from Netscape Console:
  1. Log in to Netscape Console (see "Logging In to Netscape Console").

  2. In the Console tab, select the Server Group that contains the CMS instance you want to stop.

  3. In the navigation tree, select the CMS instance you want to stop, right-click, and select the Stop Server option from the pop-up menu.

    4. The server is stopped.

Stopping From the Command Line

You can stop a CMS instance running on a local host by entering the appropriate command at the command prompt.

To stop a Certificate Management System from the command line:
  1. Open a terminal window to your server.
    2.

  2. In a Unix system, log in either as root or using the server's user account (if that is how you started the server).

  3. At the command-line prompt, enter the following line:

    4. <server_root>/cert-<instance_id>/stop-cert[.bat]

    .bat specifies the file extension; this is required only when running the utility on a Windows NT system.

    <server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.

    <instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.

    The server is stopped.

Stopping From the Windows NT Services Panel

You can stop a CMS instance running on a local host by stopping the corresponding service; it is identified by the following in the Windows NT Services panel (see Figure 5.1 on page 136):

Netscape Certificate Management System (cert-<instance_id>)

 To stop Certificate Management System from the Windows NT Services panel:
  1. Click the Start button on your desktop.
    2.

  2. Select Control Panel from Settings.

  3. In the Control Panel window that appears, click Services.

  4. Select the CMS instance and click Stop.

  5. When prompted, click Yes.

    6. The server is stopped.


Restarting Certificate Management System
Whenever you change the CMS configuration, you must save your changes (by clicking the Save button) for the changes to take effect. Some configuration changes also require that you restart the server after you save the changes. If restarting is required, the server prompts you accordingly.

 You can restart the server in two ways:

 Restarting From the CMS Window

You can use the CMS window to restart an instance of Certificate Management System on a local or remote host.

To restart Certificate Management System from the CMS window:
  1. Log in to the CMS window (see "Logging In to the CMS Window").

  2. In the Tasks tab, click Restart the Server.

    3. When you restart Certificate Management System, you are prompted to supply the single sign-on password for the server.

  3. Type the single sign-on password you specified during installation and click OK.
    4.

    Certificate Management System won't restart until you provide this password. For more information, see "Required Start-up Information".

Restarting From the Command Line

To restart Certificate Management System from the command line:

  1. Open a terminal window to your server.

  2. In a Unix system, log in either as root or using the server's user account (if that is how you started the server).

  3. At the command-line prompt, enter the following line:

    4. <server_root>/cert-<instance_id>/restart-cert[.bat]

    .bat specifies the file extension; this is required only when running the utility on a Windows NT system.

    <server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.

    <instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.

  4. When prompted, enter the single sign-on password.
    5.

    Certificate Management System won't restart until you provide this password. For more information, see "Required Start-up Information".


Checking System Status
You can use Netscape Console to find out whether a particular instance of Certificate Management System is running.
  1. Log in to Netscape Console (see "Logging In to Netscape Console").

  2. In the Console tab, select the instance that corresponds to the CMS instance you want to check.

    3. In the right pane, check the Server Status field. If the selected instance of Certificate Management System is running, the status will be Started. Otherwise it will be Stopped or Unknown.


Attending to an Unresponsive Server
If an error causes Certificate Management System to become unresponsive, and all attempts to stop it from Netscape Console fail, it may be necessary to kill the server processes manually. The processes that should be killed are identified as follows: cms_server, cms_watchdog, or cms_daemon.

 On a Windows NT system, the server processes will have .exe file extension and will be listed in the Windows NT Task Manager. However, because they are system processes, you cannot terminate them from the Task Manager. Instead, you should terminate them using the killproc command-line tool. This tool is located with the rest of the command-line tools provided with Certificate Management System:

 <server_root>/bin/cert/tools

 In order to kill system processes, the user that runs killproc must have the Debug Programs permission. By default, this permission is given only to the Administrators group, although this can be changed in the Windows NT User Manager. Assuming it is not changed, killproc must be run by a member of the Administrators group (such as the user Administrator).

 The killproc command takes one argument, the process ID of the process to be killed: killproc <process_id>

 You can obtain the process ID from the Windows NT Task Manager. For example, to kill the jre process whose process ID is 255, you should type:

 Note The killproc tool should only be used as a last resort. Because it forces the process to terminate abruptly, the process is not able to cleanup or to save its internal state before exiting.


CMS Watchdog Process
The CMS watchdog is a native bootstrapping program that provides specific native functions. It works with Certificate Management System to enable it to start up using a single password--instead of multiple passwords--called the single sign-on password. In addition, it manages the start-up, stop, and restart states of Certificate Management System.

The watchdog process (identified as cms_watchdog) implements the following operations:


Password Cache
During CMS installation, the installation program creates a password cache which the CMS watchdog uses to store all the passwords required by the server during start up (see "Required Start-up Information"). For example, when you specify the cryptographic token password and the bind password for the internal directory during installation, the watchdog adds these passwords into the password cache; similarly, when you configure the server for LDAP publishing from Netscape Console, the watchdog adds the corresponding password to the cache.

The password cache is maintained in a triple-DES encrypted file named pwcache.p12, which is located here:

 <server_root>/cert-<instance_id>/config

 The file is protected using the single sign-on password you specify during installation. In the cache, passwords are stored along with a name, a string describing the usage of the password, which is used by Certificate Management System to index into the cache. For example, the contents of the password cache could look like this:

----- Password Cache -----

Internal LDAP Database : myIdbPwd

Internal Key Storage Token : myTokenPwd

Authentication : myPinAuthPwd

LDAP Publishing : myLdapPubPwd

Note that in the above example

 Other entries may appear in the password cache. For example, if you set up PIN-based authentication with the remove PIN option, you will see an entry for the password Certificate Management System uses to bind to the authentication directory to remove a PIN after a user successfully authenticates; for details, see Table 10.3. Similarly, if you enable LDAP publishing with basic authentication, you will also see an entry for the password Certificate Management System will use to bind to the publishing directory; for details, see "Step 5. Identify the Publishing Directory".

Except for the string Internal LDAP Database, you can change any of the above prompts by modifying the corresponding value in the configuration file and then replacing (delete the old item and add the new item) the current entry in the password cache with the new prompt and the password using the PasswordCache utility explained in "Password Cache Utility".

When various modules in the server, such as authentication and LDAP publishing, initialize, they query the password cache for the password. The password cache returns the password if it has it, or else it prompts the user for one. Note that this prompting happens only at server startup time, which means whenever you change any of the required passwords or provide new passwords, you must restart the server from the command-line (see "Starting From the Command Line") so that the watchdog can prompt you for the new passwords in order to update the cache.

Password Cache Utility

Certificate Management System comes with a command-line utility named PasswordCache for manipulating the contents of the password cache. You will be required to manipulate the password cache for various reasons. For example, assume you've enabled LDAP publishing and have configured Certificate Management System to bind to the directory with Directory Manager's DN and password. If the directory administrator changes the Directory Manager's password, Certificate Management System will fail to bind to the directory during startup. You can resolve this problem by modifying the corresponding bind password in the cache using the PasswordCache utility.

Locating the PasswordCache Utility

The PasswordCache utility is located with the rest of the command-line tools here: <server_root>/bin/cert/tools

Note You must run the PasswordCache utility from the <server_root>/cert- <instance_id> directory.

Syntax

You can run the utility by executing the following command from the <server_root>/cert-<instance_id> directory:

PasswordCache <sso_password> <command>

 Managing the Password Cache

You can use the PasswordCache utility for the following:

 Note The server queries the password cache only during start up, and hence recongnizes the changes you've made to the cache only if you restart the server from the command line. If you left any of the passwords blank, the server will prompt you to enter that during startup and from then on stores it in the password cache.

Changing the Single Sign-On Password

To change the single sign-on password:

  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with the single sign-on password and <new_sso_password> with the new single sign-on password.

    4. PasswordCache <sso_password> changesso <new_sso_password>

    For example, if your old password is mySsoPwd and new password is myNewSsoPwd, the command would look like this:

    PasswordCache mySsoPwd changesso myNewSsoPwd

Listing the Contents of the Password Cache

To list or view the contents of the password cache:

  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with the single sign-on password:

    4. PasswordCache <sso_password> list

    For example, if your single sign-on password is mySsoPwd, the command would look like this:

    PasswordCache mySsoPwd list

    In response, you should see something similar to this:

    ----- Password Cache -----

    Internal LDAP Database : myIdbPwd

    Internal Key Storage Token : myTokenPwd

    LDAP Publishing: myLdapPubPwd

Adding a New Entry to the Password Cache

To add a new entry to the cache:

  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with the single sign-on password, <password_name> with a string describing the password usage, and <password> with the actual password:

    4. PasswordCache <sso_password> add <password_name> <password>

    For example, if your single sign-on password is mySsoPwd, the string describing the password usage is Bind Password for LDAP Publishing Directory, and password is myLdapPubPwd, the command would look like this:

    PasswordCache mySsoPwd add "Bind Password for LDAP Publishing Directory" myLdapPubPwd

    If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.

Changing the Password of an Entry in the Password Cache

To change the password associated with an entry in the password cache:

  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with the single sign-on password, <password_name> with the string that describes the password usage, and <password> with the new password:

    4. PasswordCache <sso_password> change <password_name> <password>

    For example, if your single sign-on password is mySsoPwd, the string describing the password usage is Bind Password for LDAP Publishing Directory, and the new password is myNewLdapPubPwd, the command would look like this:

    PasswordCache mySsoPwd change "Bind Password for LDAP Publishing Directory" myNewLdapPubPwd

    If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.

Deleting an Entry From the Password Cache

To delete an entry from the cache:

  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with the single sign-on password and <password_name> with the string that describes the password usage:

    4. PasswordCache <sso_password> delete <password_name>

    For example, if your single sign-on password is mySsoPwd and the string describing the password usage is Bind Password for LDAP Publishing Directory, the command would look like this:

    PasswordCache mySsoPwd delete "Bind Password for LDAP Publishing Directory"

    If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.

Creating a New Password Cache

If you have changed CMS startup so that the server prompts for all the required passwords, instead of just the single sign-on password, and want to revert back to starting the server with a single sign-on password, you must create a new password cache. Before creating a new password cache, decide on the single sign-on password to protect the cache.

To create a new, empty password cache:
  1. Open a command window.
    2.

  2. Go to this directory: <server_root>/cert-<instance_id>

  3. At the prompt, enter the command below, substituting <sso_password> with a password to protect the cache:

    4. PasswordCache <sso_password> create

    For example, if the password you want to use to protect the single sign-on cache is mySsoPwd, the command would look like this:

    PasswordCache mySsoPwd create


Password-Quality Checker
Certificate Management System comes with a plugin, called password-quality checker, to monitor the quality of passwords set within the CMS system. All passwords used in Certificate Management System are checked by the password-quality checker, which by default checks that the length of a password is at least 8 characters long; there are no checks regarding which characters are valid or invalid. If you use a password that doesn't meet the quality rules, you will get an error message indicating that the password didn't meet the password-quality rules.

 Note that Certificate Management System enforces password quality on only those passwords that it strictly creates and manages. Passwords you enter for LDAP directory access are not subjected to quality checks. The reason for this is, the password quality is handled by the system that creates and manages the password. In an LDAP directory access, the remote directory that you authenticate to enforces the password quality of the password you use because it is created and managed by the directory.

 To enable you to customize password quality, the plugin for the password-quality checker is included in the CMS samples package; for example, you can change the default rule to ensure that all CMS passwords are constructed with certain types of characters such as numbers, symbols, capital letters, and so on. The samples package is located here:

 <server_root>/cms_sdk/samples

 

© Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.