[Opendnssec-user] Problems accessing SCA6000 under Linux
brettlists at gmail.com
Fri Jan 8 22:30:14 CET 2010
Thanks for the quick answer Rickard,
opendnssec processes run as user opendnssec which is a member of the pkcs11
group when I run ods-hsmutil I am doing so as root which is also a member of
the pkcs11 group.
On Fri, Jan 8, 2010 at 9:04 PM, Rickard Bellgrim <rickard.bellgrim at iis.se>wrote:
> Are your running OpenDNSSEC with correct user and group? You have to belong
> to group "pkcs11" to get access to the shared memory of opencryptoki.
> 8 jan 2010 kl. 21.46 skrev "B C" <brettlists at gmail.com>:
> We are currently seeing a problem on a Centos5 Linux box which has a Sun
> SCA6000 installed in it.
> It has been functioning fine, opendnssec rc2 is running and could access
> the HSM and create/use keys etc, however all of a sudden ods-signerd is
> having issues accessing the HSM
> I see this in the logs:
> ods-signerd: err create_dnskey stderr: Error initializing libhsm
> also ods-hsmutil list has started returning:
> hsm_get_slot_id(): could not find token with the name Sun Metaslot
> opencryptoki is also reporting errors in its logs:
> Jan 8 20:10:46 <http://beta-dnssec1.nominet.org.uk>
> beta-dnssec1.nominet.org.uk openCryptokiModule: hsm_get_slot_id():
> could not find token with the name Sun Metaslot
> Jan 8 20:10:47 <http://beta-dnssec1.nominet.org.uk>
> beta-dnssec1.nominet.org.uk openCryptokiModule: api_interface.c:3771
> Token Not Present
> I can access the HSM from the Sun scamgr utility with no issues, and the
> diagnostics are not showing any issues.
> I've uninstalled and re-installed all the Sun modules/drivers and the
> opencrypto package but the problem still exists.
> I've also reset the HSM from within scamgr -D also to no avail
> We have another server that is setup exactly the same and is working
> without any issues.
> Is this pointing towards a hardware failure or have I missed something
> Any help greatly appreciated
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user