[Opendnssec-develop] Missing exception handling by signerd when lacking permission

Rickard Bellgrim rickard.bellgrim at iis.se
Wed Dec 22 18:36:59 UTC 2010


On 22 dec 2010, at 11.52, Rick Zijlker wrote:
 
> When starting by using “ods-control start” I received a “Can’t connect() to engine” error. Apparently the signerd didn’t start because of a lack of permission, but it took some debugging before we found out, since signerd pretends to be starting without problems, but afterwards the signer fails.
>  
> The location containing the slot0.db softhsm repo (/var/softhsm) was inaccessible by signerd. After changing the owner it worked without trouble. It would be nice to have exception handling by signerd when it fails on permission and not continue starting so it becomes hard to trace the cause of the failing signer. What do you think?

The Signer Engine did not start in this case because it could not initialize the HSM, in your case SoftHSM. SoftHSM could not be initialize because of the bad permission.

But I think Matthijs can answer more on the error messages.

// Rickard




More information about the Opendnssec-develop mailing list