LDAP encryption keys – Panasonic NN46110-600 User Manual
Chapter 2 Configuring servers
The VPN Router centrally stores remote access profiles and corporate networking
details such as the addressing mechanism in an LDAP server; for example, group
attributes including hours of access, filters, and authentication servers. The VPN
Router queries the LDAP server for access information when a user establishes a
tunnel connection. You can service the LDAP query locally by the internal LDAP
server or you can redirect it to an external LDAP server, such as the Netscape
Directory Server.
Note: Novell Directory Services and Novell eDirectory are not
supported.
LDAP encryption keys
You can use either a user-defined or a default Lightweight Directory Access
Protocol (LDAP) encryption key. This key can either be 8 bytes (DES) or 24 bytes
(3DES) in length.
By default, the VPN Router uses the Data Encryption Standard (DES), and
therefore an 8-byte key, for LDAP-stored passwords. To use a 24-byte key, you
must first enable Triple DES (3DES) encryption. If you enable 3DES, a 24-byte
password is required.
Only passwords stored in the LDAP file are affected by this new feature. Any
passwords stored in the configuration file remain unchanged.
The first time that you enable 3DES and configure a 24-byte encryption key, the
VPN Router updates the LDAP. This can take some time, depending on the size of
the user base.
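A pre-flight check for a user-defined key of the two lengths described above, given here as an added example (it is not from the manual or the router's firmware). It assumes the key bytes are used directly as DES/3DES key material, which the manual does not state; `check_ldap_key` and the sample keys in the comments are hypothetical.

```python
# Added example: validate a candidate LDAP encryption key before configuring it.
# Assumption (not stated in the manual): the key bytes are used directly as
# DES/3DES key material.

DES_KEY_LEN = 8      # DES, the router default
TDES_KEY_LEN = 24    # 3DES, must be enabled first


def _strip_parity(block: bytes) -> bytes:
    """DES ignores the low bit of every key byte; clear it before comparing."""
    return bytes(b & 0xFE for b in block)


# The four DES weak keys (encrypting twice with one returns the plaintext).
_WEAK = {
    _strip_parity(bytes.fromhex(h))
    for h in ("0101010101010101", "fefefefefefefefe",
              "e0e0e0e0f1f1f1f1", "1f1f1f1f0e0e0e0e")
}


def check_ldap_key(key: bytes, use_3des: bool) -> list:
    """Return a list of problems; an empty list means the key passed."""
    expected = TDES_KEY_LEN if use_3des else DES_KEY_LEN
    if len(key) != expected:
        return [f"length {len(key)} bytes, expected {expected}"]

    problems = []
    # Split into 8-byte DES subkeys and compare only the 56 effective bits.
    parts = [_strip_parity(key[i:i + 8]) for i in range(0, len(key), 8)]
    for n, part in enumerate(parts, 1):
        if part in _WEAK:
            problems.append(f"subkey {n} is a DES weak key")
    if use_3des:
        k1, k2, k3 = parts
        if k1 == k2 or k2 == k3:
            # E(K3, D(K2, E(K1, x))) cancels down to one DES operation.
            problems.append("3DES key collapses to single DES (K1=K2 or K2=K3)")
        elif k1 == k3:
            problems.append("K1=K3: two-key 3DES, weaker than three independent keys")
    return problems


if __name__ == "__main__":
    # Constructed sample: 'A' (0x41) and '@' (0x40) differ only in the ignored
    # parity bit, so the first two subkeys are identical to DES.
    print(check_ldap_key(b"AAAAAAAA" + b"@@@@@@@@" + b"zzzzzzzz", use_3des=True))
```

A 24-character key typed from a small alphabet can fail this check even when its three thirds look different, because only 7 bits of each byte reach the cipher.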
Configuration information
Internal and external LDAP keys are stored in flash memory. A hash is calculated
from the user-defined key and stored in the LDAP file.
To restore a VPN Router to the default internal key:
• the VPN Router must be set to factory default (this clears the key saved in
flash), and
Nortel VPN Router Security — Servers, Authentication, and Certificates