[Opendnssec-user] Problems accessing SCA6000 under Linux

B C brettlists at gmail.com
Fri Jan 8 22:30:14 CET 2010


Thanks for the quick answer Rickard,

opendnssec processes run as user opendnssec which is a member of the pkcs11
group when I run ods-hsmutil I am doing so as root which is also a member of
the pkcs11 group.

Brett


On Fri, Jan 8, 2010 at 9:04 PM, Rickard Bellgrim <rickard.bellgrim at iis.se>wrote:

> Are your running OpenDNSSEC with correct user and group? You have to belong
> to group "pkcs11" to get access to the shared memory of opencryptoki.
>
> 8 jan 2010 kl. 21.46 skrev "B C" <brettlists at gmail.com>:
>
> We are currently seeing a problem on a Centos5 Linux box which has a Sun
> SCA6000 installed in it.
>
> It has been functioning fine, opendnssec rc2 is running and could access
> the HSM and create/use keys etc, however all of a sudden ods-signerd is
> having issues accessing the HSM
> I see this in the logs:
>
>  ods-signerd: err create_dnskey stderr: Error initializing libhsm
>
> also ods-hsmutil list has started returning:
>
> hsm_get_slot_id(): could not find token with the name Sun Metaslot
>
> opencryptoki is also reporting errors in its logs:
>
> Jan  8 20:10:46 <http://beta-dnssec1.nominet.org.uk>
> beta-dnssec1.nominet.org.uk openCryptokiModule[4241]: hsm_get_slot_id():
> could not find token with the name Sun Metaslot
> Jan  8 20:10:47 <http://beta-dnssec1.nominet.org.uk>
> beta-dnssec1.nominet.org.uk openCryptokiModule[4256]: api_interface.c:3771
> Token Not Present
>
> I can access the HSM from the Sun scamgr utility with no issues, and the
> diagnostics are not showing any issues.
>
> I've uninstalled and re-installed all the Sun modules/drivers and the
> opencrypto package but the problem still exists.
>
> I've also reset the HSM from within scamgr -D also to no avail
>
> We have another server that is setup exactly the same and is working
> without any issues.
>
> Is this pointing towards a hardware failure or have I missed something
> somewhere?
>
> Any help greatly appreciated
>
> Brett
>
>
> <ATT00001..txt>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100108/fda0d73b/attachment.html>


More information about the Opendnssec-user mailing list