[Opendnssec-user] OpenDNSSEC and multiple repositories

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Sep 7 06:48:58 UTC 2010


On 6 sep 2010, at 07.08, Sebastian Castro wrote:

> So repositories individually defined work well, but together break things.
> 
> Documentation indicates multiple repositories can be defined, but it
> doesn't seem to be the case.

After reading the log messages from Sebastian we can see the problem. The second time we try to login to the token we get:

CKR_USER_ALREADY_LOGGED_IN

The PKCS#11 API specifies that you can only have one user logged in to the token. Now you want OpenDNSSEC to connect to the same token but with two different users. This is not allowed and this is also what the HSM says back to us. So the feature from the HSM of having different users on the same token can only be used if you intend to login with only one user.

My recommendation is to create two separate tokens, if you want to have different users.

// Rickard


More information about the Opendnssec-user mailing list