[Opendnssec-develop] PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Wed Aug 17 06:54:17 UTC 2011


On Tue, Aug 16, 2011 at 9:32 PM, Jakob Schlyter <jakob at kirei.se> wrote:
> Would it be possible to implement this as a single PIN callback function using the current infrastructure? I.e., move everything you wrote into a single function?

The PIN module is a layer between libhsm and the user-provided PIN
callback. You could move the PIN module into two callback functions.
One callback function which only waits for the PIN in the shared
memory. Another which can prompt the user for the PIN. The only issue
here is how the second callback would know whether to get the PIN from
the cache or to prompt the user again.

Perhaps extending the callback API to be able to indicate that it is a
retry? The current PIN module only saves the PIN if we could login with
it. The PIN callback does not know if the login was successful or not.
The bad PIN would then propagate to the daemons which would get a
failed login and quit.

What would be the benefit of not having the caching functionality within libhsm?

// Rickard
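
A sketch of the retry-flag idea discussed in this message, added here as an example; it is not part of the original e-mail and is not libhsm code. Every name in it (`pin_mode`, `pin_callback`, `token_login`, `login`, the `cache` buffer standing in for the shared memory) is hypothetical, and the PINs are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not libhsm's API. */
enum pin_mode { PIN_FIRST, PIN_RETRY };
#define PIN_MAX 32

static char cache[PIN_MAX];        /* stands in for the shared-memory PIN slot */
static const char *inputs[4];      /* constructed "typed" PINs, NULL-terminated */
static int next_input, prompts;

static void reset(const char *a, const char *b) {
    memset(cache, 0, sizeof cache);
    inputs[0] = a; inputs[1] = b; inputs[2] = NULL;
    next_input = prompts = 0;
}

/* Callback told whether this is a retry: the cache is used on the first try only. */
static const char *pin_callback(enum pin_mode mode) {
    if (mode == PIN_FIRST && cache[0] != '\0')
        return cache;
    if (inputs[next_input] == NULL)
        return NULL;               /* user gave up */
    prompts++;
    return inputs[next_input++];
}

/* Stand-in for the HSM login; "1234" is a constructed correct PIN. */
static int token_login(const char *pin) { return strcmp(pin, "1234") == 0; }

/* Caller side: it sees the login result, so it alone decides what gets cached. */
static int login(int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        const char *pin = pin_callback(i == 0 ? PIN_FIRST : PIN_RETRY);
        if (pin == NULL)
            return 0;
        if (token_login(pin)) {
            if (pin != cache)
                snprintf(cache, sizeof cache, "%s", pin);
            return 1;
        }
        memset(cache, 0, sizeof cache);   /* a rejected PIN never stays cached */
    }
    return 0;
}

int main(void) {
    reset("0000", "1234");
    int ok = login(3);
    printf("login=%d prompts=%d cached=%d\n", ok, prompts, cache[0] != '\0');
    return 0;
}
```
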


