[Opendnssec-develop] Re: PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Mon Aug 15 12:52:09 UTC 2011


Hi

The different PIN sharing techniques (shared memory, domain sockets
(ssh-agent et al.), message queues, etc.) all boil down to basic unix
permissions. So it is more a choice of how we would like to implement
it.

The advantage of shared memory is that we do not need any special
daemon to handle the PINs. It can be part of libhsm. If there is a PIN
in config then use it, if not then try the shared memory. If it is not
there, then wait for a signal to check again. "ods-hsmutil login"
could be used by the user. This command would tell hsm_open() to also
output the PIN prompt, thus not getting blocked as the other
applications.

// Rickard
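
The lookup order described in the message above (configured PIN first, then shared memory, otherwise wait and retry), as an added C sketch that is not part of the original e-mail and is not libhsm code. It assumes System V shared memory as the mechanism; the function names, the key value and the PIN string are hypothetical.

```c
/* Added illustration: every name here is hypothetical, not libhsm's API. */
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>
#define PIN_MAX 64
/* Open (or create) the PIN segment with owner-only permissions (0600). */
int pin_shm_open(key_t key, int create) {
    return shmget(key, PIN_MAX, (create ? IPC_CREAT : 0) | 0600);
}
/* Trust only a segment we own that group and other cannot access. */
int pin_shm_trusted(int id) {
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) != 0) return 0;
    return ds.shm_perm.uid == geteuid() && (ds.shm_perm.mode & 077) == 0;
}
/* "login" side: place the PIN in the segment, zero-padding the rest. */
int pin_shm_store(int id, const char *pin) {
    char *p;
    if (strlen(pin) >= PIN_MAX || !pin_shm_trusted(id)) return -1;
    if ((p = shmat(id, NULL, 0)) == (char *)-1) return -1;
    strncpy(p, pin, PIN_MAX);
    return shmdt(p);
}
/* Lookup order from the message: config PIN first, then shared memory.
 * Returns 0 = PIN copied to out, 1 = not there yet (wait, retry), -1 = error. */
int pin_lookup(const char *config_pin, key_t key, char out[PIN_MAX]) {
    int id; char *p;
    memset(out, 0, PIN_MAX);
    if (config_pin != NULL) {
        if (strlen(config_pin) >= PIN_MAX) return -1;
        strcpy(out, config_pin);
        return 0;
    }
    if ((id = pin_shm_open(key, 0)) < 0) return 1;    /* no segment yet */
    if (!pin_shm_trusted(id)) return -1;              /* wrong owner or mode */
    if ((p = shmat(id, NULL, SHM_RDONLY)) == (char *)-1) return -1;
    memcpy(out, p, PIN_MAX - 1);
    shmdt(p);
    return out[0] != '\0' ? 0 : 1;                    /* empty = no login yet */
}
int main(void) {
    char pin[PIN_MAX];
    key_t key = 0x0D55EC;                             /* constructed key */
    int id = pin_shm_open(key, 1), rc;
    if (id < 0 || pin_shm_store(id, "constructed-pin") != 0) return 1;
    rc = pin_lookup(NULL, key, pin);
    shmctl(id, IPC_RMID, NULL);                       /* "logout": drop segment */
    return rc;
}
```

Owner-only mode keeps other unprivileged users out, but the PIN remains readable by any process running as the same user and by root.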


