[Opendnssec-user] Problems accessing SCA6000 under Linux
Rickard Bellgrim
rickard.bellgrim at iis.se
Fri Jan 8 21:04:23 UTC 2010
Are your running OpenDNSSEC with correct user and group? You have to belong to group "pkcs11" to get access to the shared memory of opencryptoki.
8 jan 2010 kl. 21.46 skrev "B C" <brettlists at gmail.com<mailto:brettlists at gmail.com>>:
We are currently seeing a problem on a Centos5 Linux box which has a Sun SCA6000 installed in it.
It has been functioning fine, opendnssec rc2 is running and could access the HSM and create/use keys etc, however all of a sudden ods-signerd is having issues accessing the HSM
I see this in the logs:
ods-signerd: err create_dnskey stderr: Error initializing libhsm
also ods-hsmutil list has started returning:
hsm_get_slot_id(): could not find token with the name Sun Metaslot
opencryptoki is also reporting errors in its logs:
Jan 8 20:10:46 <http://beta-dnssec1.nominet.org.uk> beta-dnssec1.nominet.org.uk<http://beta-dnssec1.nominet.org.uk> openCryptokiModule[4241]: hsm_get_slot_id(): could not find token with the name Sun Metaslot
Jan 8 20:10:47 <http://beta-dnssec1.nominet.org.uk> beta-dnssec1.nominet.org.uk<http://beta-dnssec1.nominet.org.uk> openCryptokiModule[4256]: api_interface.c:3771 Token Not Present
I can access the HSM from the Sun scamgr utility with no issues, and the diagnostics are not showing any issues.
I've uninstalled and re-installed all the Sun modules/drivers and the opencrypto package but the problem still exists.
I've also reset the HSM from within scamgr -D also to no avail
We have another server that is setup exactly the same and is working without any issues.
Is this pointing towards a hardware failure or have I missed something somewhere?
Any help greatly appreciated
Brett
<ATT00001..txt>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100108/6083d649/attachment.htm>
More information about the Opendnssec-user
mailing list