[Opendnssec-user] Opendnssec on Centos5 using Sun SCA6000

B C brettlists at gmail.com
Thu Nov 5 11:05:37 UTC 2009


Does anybody have any experience in getting this combination to work?

I have the following packages installed

sun-sca6000-man-1.1-3
sun-nss-3.11.7-2
sun-sca6000-libs-1.1-2
sun-sca6000-admin-1.1-3
sun-sca6000-var-1.1-2
sun-sca6000-config-1.1-2
sun-sca6000-firmware-1.1-3
sun-nspr-4.6.7-2
sun-sca6000-1.1-5

along with all the pre-reqs for opendnssec.

This has enabled me to use the scamgr util to talk to the SCA6000 initialise
it and create a keystore.

The problem comes when I try to get opendnssec to talk to the SCA6000

With this in my conf.xml:


                <Repository name="sca6000">

 <Module>/opt/sun/sca6000/lib64/libpkcs11_sca.so</Module>
                        <TokenLabel>Sun Metaslot</TokenLabel>
                        <PIN>opendnssec:password</PIN>
                        <Capacity>1000</Capacity>
                        <RequireBackup/>
                </Repository>

If I run: ods-hsmutil list

I get the error:

hsm_session_init(): PKCS#11 module load failed:
/opt/sun/sca6000/lib64/libpkcs11_sca.so

I get the same error if I change the module to lib instead of lib64

It was suggested to me already that I should be using the
module /usr/lib64/opencryptoki/PKCS11_API.so

When I change that in conf.xml I then get the following error:

ods-hsmutil list
Initialization: CKR_HOST_MEMORY

Has anybody got this combination to work and have any idea where I am going
wrong.


Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091105/5959ff4c/attachment.htm>


More information about the Opendnssec-user mailing list