<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>In addition to
previous mail. I’m running RC2 and ODS is not using the assigned policy to
sign my zone.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>It seems like it is
using the repository of policy ‘default’ instead of policy ‘SCKR_S1T1’.
<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>I’m getting
this piece of logging every hour:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Communication Interval:
3600<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: SQLite database set to:
/var/opendnssec/kasp.db<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Log User set to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Switched log facility to:
local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Connecting to Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Policy default found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Key sharing is Off.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: NOTE: keys generated in
repository luna1 will not become active until they have been backed up<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Policy SCKR_S1T1 found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Key sharing is On<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Zone rick.nl found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Policy for rick.nl set to
SCKR_S1T1.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Config will be output to
/var/opendnssec/signconf/rick.nl.xml.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: INFO: Promoting KSK from
publish to active as this is the first pass for the zone<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: ERROR: Trying to make
non-backed up KSK active when RequireBackup flag is set<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: KsmRequestKeys returned:
65562<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Signconf not written for
rick.nl<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Disconnecting from
Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Dec 29 13:06:05 signer2 ods-enforcerd: Sleeping for 3600
seconds.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Zone list looks good:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>[root@signer2 ~]# ods-ksmutil zone list<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>zonelist filename set to /etc/opendnssec/zonelist.xml.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-family:"Courier New";
color:#1F497D'>Found Zone: rick.nl; on policy SCKR_S1T1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>A bit more of the
SCKR_S1T1 policy:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Description>Default policy exceeding speed limits</Description><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Signatures><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Resign>PT3M</Resign><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Refresh>PT20M</Refresh><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Validity><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Default>PT45M</Default><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Denial>PT45M</Denial><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
</Validity><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<Jitter>PT10M</Jitter><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
<InceptionOffset>PT300S</InceptionOffset><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
</Signatures><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Cheers,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Rick<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>
opendnssec-develop-bounces@lists.opendnssec.org [mailto:opendnssec-develop-bounces@lists.opendnssec.org]
<b>On Behalf Of </b>Rick Zijlker<br>
<b>Sent:</b> maandag 28 december 2009 15:59<br>
<b>To:</b> opendnssec-develop@lists.opendnssec.org<br>
<b>Subject:</b> [Opendnssec-develop] Unexpected behavior<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hello,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-US>While trying to sign a zone with softHSM, I
am getting note’s and errors which belong to the hardware HSM. Even though
the hardware HSM isn’t being used at all.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>These are the repositories (conf.xml):<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<RepositoryList><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Repository name="softHSM"><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Module>/usr/local/lib/libsofthsm.so</Module><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<TokenLabel>test</TokenLabel><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<PIN>1111</PIN><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
</Repository><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Repository name="luna1"><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Module>/usr/lib/libCryptoki2_64.so</Module><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<TokenLabel>signer1-ksk</TokenLabel><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<PIN>PR46-dH7b-9TSX-9pTX</PIN><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Capacity>1000</Capacity><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<RequireBackup/><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
</Repository><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
</RepositoryList><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Part of the Policy which I attached to the
zone I am signing (kasp.xml):<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<KSK><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Algorithm length="2048">7</Algorithm><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Lifetime>PT5H</Lifetime><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Repository>softHSM</Repository><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Standby>1</Standby><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<!-- <ManualRollover/> --><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
</KSK><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<ZSK><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Algorithm length="1024">7</Algorithm><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Lifetime>PT2H</Lifetime><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Repository>softHSM</Repository><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
<Standby>1</Standby><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>
</ZSK><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>It looks like ODS is trying to use softHSM
as repository since he is creating new keys in softHSM, but the ERROR, NOTE
messages are referring to the luna1 (</span><span lang=EN-US style='font-size:
10.0pt;font-family:"Courier New"'>Error creating key in repository luna1</span><span
lang=EN-US>) which isn’t being used at all.</span><span lang=EN-US
style='font-size:10.0pt;font-family:"Courier New"'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I only have 1 zone in the zonelist and
updated the KASP before starting the deamons. Also, I have signed nl before
with the default policy and it was no problem. Now that I removed nl from the
zonelist, it seems ODS tries to create 1000 KSK’s for no obvious reason.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Also the logging tells me (</span><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>15:06:01 NOTE:
keys generated in repository SoftHSM..</span><span lang=EN-US>) to backup the
keys, but SoftHSM hasn’t got <RequireBackup/> added.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-signerd: Error updating zone configuration for: rick.nl<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-signerd: [Errno 2] No such file or directory:
u'/var/opendnssec/signconf/rick.nl.xml'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-signerd: opening socket:
/var/run/opendnssec/engine.sock<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-signerd: Engine running<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: opendnssec-enforcer starting...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: opendnssec-enforcer Parent exiting...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: opendnssec-enforcer forked OK...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: opendnssec-enforcer started (version
1.0.0rc2), pid 1394<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: SSL cipher list set to AES256-SHA<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: HSM opened successfully.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Reading config "/etc/opendnssec/conf.xml"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Communication Interval: 3600<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: SQLite database set to: /var/opendnssec/kasp.db<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Log User set to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Switched log facility to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Connecting to Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Policy default found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Key sharing is Off.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: NOTE: keys generated in repository luna1
will not become active until they have been backed up<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Policy SCKR_S1T1 found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:05:59 signer2 ods-enforcerd: Key sharing is On<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:00 signer2 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:00 signer2 ods-enforcerd: Created KSK size: 2048, alg: 7 with id:
d4b41a1c08cd125868d071d41f7eb11a in repository: softHSM and database.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Created KSK size: 2048, alg: 7 with id:
80c10f316ea259642f7714aceeece25a in repository: softHSM and database.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Created ZSK size: 1024, alg: 7 with id:
578b649144cc6dbd59c1a2d73477e7a7 in repository: softHSM and database.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Created ZSK size: 1024, alg: 7 with id:
7b831287fe74cc5d12277873fca0fa93 in repository: softHSM and database.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: NOTE: keys generated in repository softHSM
will not become active until they have been backed up<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Zone rick.nl found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Policy for rick.nl set to SCKR_S1T1.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Config will be output to
/var/opendnssec/signconf/rick.nl.xml.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: INFO: Promoting KSK from publish to active
as this is the first pass for the zone<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: ERROR: Trying to make non-backed up KSK
active when RequireBackup flag is set<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: KsmRequestKeys returned: 65562<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Signconf not written for rick.nl<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Disconnecting from Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:06:01 signer2 ods-enforcerd: Sleeping for 3600 seconds.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Communication Interval: 3600<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: SQLite database set to:
/var/opendnssec/kasp.db<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Log User set to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Switched log facility to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Connecting to Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Policy default found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Key sharing is Off.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Repository luna1 is nearly full, will create
1000 KSKs for policy default (reduced from -2)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Error creating key in repository luna1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:18 signer2 ods-enforcerd: Find objects init: CKR_DEVICE_ERROR<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Communication Interval: 3600<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: SQLite database set to:
/var/opendnssec/kasp.db<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Log User set to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Switched log facility to: local0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Connecting to Database...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Policy default found.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Key sharing is Off.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Repository luna1 is nearly full, will create
1000 KSKs for policy default (reduced from -2)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Error creating key in repository luna1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>Dec
28 15:37:27 signer2 ods-enforcerd: Find objects init: CKR_DEVICE_ERROR<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Can anyone (if there is even anyone not
having holiday) enlighten me?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Cheers,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Rick<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
</div>
</body>
</html>