[Opendnssec-develop] Re: PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Tue Aug 16 10:16:16 UTC 2011


> The different PIN sharing techniques (shared memory, domain sockets
> (ssh-agent et. al), message queues, etc.) all boils down to basic unix
> permissions. So it is more a choice of how we would like to implement
> it.
>
> The advantage of shared memory is that we do not need any special
> daemon to handle the PINs. It can be part of libhsm. If there is a PIN
> in config then us it, if not then try the shared memory. If it is not
> there, then wait for a signal to check again. "ods-hsmutil login"
> could be used by the user. This command would tell hsm_open() to also
> output the PIN prompt, thus not getting blocked as the other
> applications.

I have code for this. Should I commit?

// Rickard



More information about the Opendnssec-develop mailing list