Managing the Certificate Database294 Netscape Certificate Management System Administrator’s Guide • February 2003If you are concerned about this, you can restrict access to the internal database toonly those users who know its Directory Manager DN and correspondingpassword. You can change this password by modifying the single sign-onpassword cache. For instructions, check the section that explains how to change thepassword of an entry in the password cache in Chapter 3, “Password CacheUtility” of CMS Command-Line Tools Guide.1. Log in to Netscape Console (see “Logging Into the CMS Console” on page 247).2. Select the entry that corresponds to the internal database to which you want torestrict access, and click Open.The Directory Server console appears.3. Select the Configuration tab.4. In the navigation tree, expand Plug-ins, and then select Pass ThroughAuthentication.5. In the right pane, deselect “Enable plugin” option.6. Click Save to save your changes.You are prompted to restart the server.7. Click the Tasks tab and click “Restart the Directory Server.”8. Close the Directory Server console.9. When the server is restarted, from Netscape Console, open the DirectoryServer console.The “Login to Directory” dialog box appears; the Distinguished Name fielddisplays the Directory Manager DN and you’re required to enter the passwordthat corresponds to this entry.The Directory Server console (for the internal database) opens only if you enterthe correct password.Managing the Certificate DatabaseEach CMS instance has a certificate database, which is maintained in its internaltoken. This database contains certificates belonging to the subsystem installed inthe CMS instance and various CA certificates the subsystems use for validating thecertificates they receive.
