[Opendnssec-user] ods-signer - create_dnskey stderr: Error initializing libhsm

Rickard Bellgrim rickard.bellgrim at iis.se
Fri Nov 5 11:53:44 UTC 2010


On 5 nov 2010, at 10.11, Sion Lloyd wrote:

> Do both processes run as the same user? I've had problems in the past running 
> as two different users and so getting different environments for each process...

Yes, in order to use SoftHSM, you need to have read/write privileges to the directory/file where it stores the token. You can find the location of directory/file in /etc/softhsm.conf

Then you need to run both the Enforcer and the Signer with the correct privileges. Apparently it works for the Enforcer but not the Signer. It thus sounds like you have configured different users/groups in the /etc/opendnssec/conf.xml. Make sure that user/group for both the Signer and the Enforcer have read/write to the token in SoftHSM.

// Rickard




More information about the Opendnssec-user mailing list