diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh
new file mode 100755
index 0000000..c4f60ef
--- /dev/null
+++ b/setup-nsssysinit.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on
+# and at nss-sysinit pre uninstall with argument off. 
+#
+usage()
+{
+  cat <<EOF
+Usage: setup-nsssysinit [on|off]
+  on  - turns on nsssysinit
+  off - turns off nsssysinit
+EOF
+  exit $1
+}
+
+# validate
+if test $# -eq 0; then
+  usage 1 1>&2
+fi
+
+on="1"
+case "$1" in
+  on  | ON )  on="1";;
+  off | OFF ) on="";;
+  * )         usage 1 1>&2;;
+esac
+
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+  echo "Could not find ${p11conf}"
+  exit 1
+fi
+
+# turn on or off
+if [ on = "1" ]; then 
+  cat ${p11conf} | sed -e 's/^library=$/library=libnsssysinit.so/' \
+                       -e 'g/^NSS/ s; Flags=internal,critical; Flags=internal,moduleDBOnly,critical;' > \
+                       ${p11conf}.on
+  mv ${p11conf}.on ${p11conf}
+else
+  if [ `grep "^library=libnsssysinit" ${p11conf}` == ""]; then
+    exit 0
+  if
+  cat ${p11conf} | sed -e 's/^library=libnsssysinit.so/library=/' \
+                       -e 'g/^NSS/ s; Flags=internal,moduleDBOnly,critical; Flags=internal,critical;' > \
+                       ${p11conf}.off
+  mv ${p11conf}.off ${p11conf}
+fi
+