[Opendnssec-user] Problems accessing SCA6000 under Linux

Rickard Bellgrim rickard.bellgrim at iis.se
Fri Jan 8 21:04:23 UTC 2010

Are your running OpenDNSSEC with correct user and group? You have to belong to group "pkcs11" to get access to the shared memory of opencryptoki.

8 jan 2010 kl. 21.46 skrev "B C" <brettlists at gmail.com<mailto:brettlists at gmail.com>>:

We are currently seeing a problem on a Centos5 Linux box which has a Sun SCA6000 installed in it.

It has been functioning fine, opendnssec rc2 is running and could access the HSM and create/use keys etc, however all of a sudden ods-signerd is having issues accessing the HSM
I see this in the logs:

 ods-signerd: err create_dnskey stderr: Error initializing libhsm

also ods-hsmutil list has started returning:

hsm_get_slot_id(): could not find token with the name Sun Metaslot

opencryptoki is also reporting errors in its logs:

Jan  8 20:10:46 <http://beta-dnssec1.nominet.org.uk> beta-dnssec1.nominet.org.uk<http://beta-dnssec1.nominet.org.uk> openCryptokiModule[4241]: hsm_get_slot_id(): could not find token with the name Sun Metaslot
Jan  8 20:10:47 <http://beta-dnssec1.nominet.org.uk> beta-dnssec1.nominet.org.uk<http://beta-dnssec1.nominet.org.uk> openCryptokiModule[4256]: api_interface.c:3771 Token Not Present

I can access the HSM from the Sun scamgr utility with no issues, and the diagnostics are not showing any issues.

I've uninstalled and re-installed all the Sun modules/drivers and the opencrypto package but the problem still exists.

I've also reset the HSM from within scamgr -D also to no avail

We have another server that is setup exactly the same and is working without any issues.

Is this pointing towards a hardware failure or have I missed something somewhere?

Any help greatly appreciated


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100108/6083d649/attachment.htm>

More information about the Opendnssec-user mailing list