[Opendnssec-develop] Re: PIN daemon

Rickard Bellgrim rickard at opendnssec.org
Wed Aug 17 08:59:22 UTC 2011

> Thank you Rick for the review. I have attached a new version.

Some more comments from Rick got me thinking on how invalid PINs are handled.

* Do not save the PIN from the configuration in the shared memory.
* Try to use the configured PIN before looking in the shared memory.
* Fail if the configured PIN is incorrect. Do not try the PIN callback.

A PIN will only be saved in the shared memory if it was correct and
was entered using the PIN callback. The scenario with an invalid PIN
in memory happens when the user has changed the PIN for the HSM. So if
there is no PIN in configuration and the PIN in the shared memory is
invalid, then the daemons will fail to start. This can be fixed by the
user by calling "ods-hsmutil login".

// Rickard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pin.patch
Type: application/octet-stream
Size: 23193 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20110817/a72331b4/attachment.obj>
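
The PIN lookup order described in the message above, modelled as a small C program. This is an added example, not code from pin.patch or from OpenDNSSEC. All names (pin_ctx, pin_login, demo_prompt) are hypothetical, the token login is simulated by a string compare, and it assumes that daemons start without a PIN callback while an interactive login such as "ods-hsmutil login" supplies one.

```c
/* Added illustration; hypothetical names, not OpenDNSSEC/libhsm code. */
#include <stdio.h>
#include <string.h>

#define PIN_MAX 32
typedef enum { PIN_OK, PIN_BAD_CONFIG, PIN_BAD_SHARED, PIN_BAD_ENTERED, PIN_NONE } pin_result;
typedef const char *(*pin_callback)(void);

typedef struct {
    const char *token_pin;    /* PIN the HSM accepts; stands in for the real login call */
    const char *config_pin;   /* PIN from configuration, NULL when not configured */
    char shared_pin[PIN_MAX]; /* stands in for the shared memory slot; "" means empty */
} pin_ctx;

static int token_login(const pin_ctx *c, const char *pin) {
    return strcmp(c->token_pin, pin) == 0;
}

/* cb == NULL models a daemon start; a non-NULL cb models an interactive login (assumption). */
pin_result pin_login(pin_ctx *c, pin_callback cb) {
    if (c->config_pin != NULL)   /* configured PIN first, never cached, no fallback */
        return token_login(c, c->config_pin) ? PIN_OK : PIN_BAD_CONFIG;
    if (c->shared_pin[0] != '\0' && token_login(c, c->shared_pin))
        return PIN_OK;
    if (cb == NULL)              /* daemon: stale or missing cached PIN is fatal */
        return c->shared_pin[0] != '\0' ? PIN_BAD_SHARED : PIN_NONE;
    const char *pin = cb();
    if (pin == NULL || strlen(pin) >= PIN_MAX || !token_login(c, pin))
        return PIN_BAD_ENTERED;  /* an incorrect PIN is never written to shared memory */
    strcpy(c->shared_pin, pin);  /* only a correct, callback-entered PIN is cached */
    return PIN_OK;
}

/* Constructed sample callback: counts prompts and returns a fixed PIN. */
static int prompt_count = 0;
const char *demo_prompt(void) { prompt_count++; return "4321"; }

int main(void) {
    pin_ctx stale = { "4321", NULL, "1234" };  /* PIN changed on the HSM */
    printf("daemon start: %d\n", pin_login(&stale, NULL));
    printf("interactive login: %d\n", pin_login(&stale, demo_prompt));
    printf("daemon restart: %d\n", pin_login(&stale, NULL));
    return 0;
}
```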
