[Opendnssec-user] OpenDNSSEC and multiple repositories

Rickard Bellgrim rickard.bellgrim at iis.se
Mon Sep 6 07:46:01 UTC 2010


On 6 sep 2010, at 08.20, Rickard Bellgrim wrote:

> The problem is that we use the token label as the unique identifier for the HSM and not the label and pin pair. We connect to the first occurrence of the token label.

Or maybe it should work. It depends on whether there is a single slot with two tokens. Which token to use is selected by the PKCS#11 provider when you log in. I probably should dive into our code and have a look.

Maybe you could use:
/usr/lib/pkcs11/pkcs11-spy.so

Use that path in conf.xml for the two repositories.

And set the following:
export PKCS11SPY=/usr/lib/pkcs11/PKCS11_API.so

You will now get an output of the communication between ods-hsmutil and your HSM. This information is helpful when debugging PKCS#11. Could I get this information from you off-list?

Thanks
// Rickard
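
Added example, not part of the original message and not OpenDNSSEC code: a Python check that lists repositories in conf.xml which share a token label on the same PKCS#11 module, the case the quoted text says is resolved by the first occurrence of the label. The sample conf.xml, its repository names, labels and PIN values are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: two repositories share one token label on the same
# module (here the pkcs11-spy wrapper from the message), one does not.
SAMPLE_CONF = """<Configuration>
  <RepositoryList>
    <Repository name="repo-a">
      <Module>/usr/lib/pkcs11/pkcs11-spy.so</Module>
      <TokenLabel>SharedLabel</TokenLabel>
      <PIN>PLACEHOLDER-PIN-A</PIN>
    </Repository>
    <Repository name="repo-b">
      <Module>/usr/lib/pkcs11/pkcs11-spy.so</Module>
      <TokenLabel>SharedLabel</TokenLabel>
      <PIN>PLACEHOLDER-PIN-B</PIN>
    </Repository>
    <Repository name="repo-c">
      <Module>/usr/lib/pkcs11/pkcs11-spy.so</Module>
      <TokenLabel>OtherLabel</TokenLabel>
      <PIN>PLACEHOLDER-PIN-C</PIN>
    </Repository>
  </RepositoryList>
</Configuration>"""


def ambiguous_repositories(conf_xml):
    """Return {(module, token_label): [repository names]} for every token
    label that more than one repository on the same module relies on.
    PIN values are never read, so they cannot leak into the report."""
    root = ET.fromstring(conf_xml)
    groups = defaultdict(list)
    for repo in root.iter("Repository"):
        module = (repo.findtext("Module") or "").strip()
        label = (repo.findtext("TokenLabel") or "").strip()
        groups[(module, label)].append(repo.get("name"))
    # Only groups with two or more repositories are ambiguous by label alone.
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for (module, label), names in ambiguous_repositories(SAMPLE_CONF).items():
        print(f"label {label!r} on {module}: shared by {', '.join(names)}")
```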