[Opendnssec-user] OpenDNSSEC with AEP Keyper

elsif jake at elsif.net
Thu May 10 15:47:25 UTC 2012


opendnssec-1.4.0-1.el6.x86_64 under Red Hat Enterprise Linux Server release 6.2.

I've done:

1) inittoken  (and specified token ID, passwords)

2) ods-ksmutil key generate --policy=lab --interval P30D

When I do an "ods-hsmutil list", I get:
[root at signer01 opendnssec]# ods-hsmutil list
Listing keys in all repositories.
36 keys found.

Repository            ID                                Type
----------            --                                ----
AEP                   80dc4a8001695bdff1f7a08ec43f52c6  RSA/1024
AEP                   9fa1ce73cebe61e6cc50e96ed1670db8  RSA/1024
...<snip>...
AEP                   0dad0b4cd65276b511226f8be2f5e963  RSA/2048
AEP                   33d2140710b3be6488ae95ca690d6f9f  RSA/2048
AEP                   8226642cff8eceb64c05ee244831b55e  RSA/2048

However, I'm unsure of the next steps.

"ods-ksmutil key list" shows no keys.

"ods-control start" fails to start both enforcerd and signerd:

May 10 11:18:06 signer01 ods-enforcerd: opendnssec starting...
May 10 11:18:06 signer01 ods-enforcerd: opendnssec Parent exiting...
May 10 11:18:06 signer01 ods-enforcerd: opendnssec forked OK...
May 10 11:18:06 signer01 ods-enforcerd: group set to: ods (494)
May 10 11:18:06 signer01 ods-enforcerd: user set to: ods (497)
May 10 11:18:06 signer01 ods-enforcerd: opendnssec started (version 1.4.0-trunk), pid 15006
May 10 11:18:06 signer01 ods-enforcerd: hsm_get_slot_id(): could not find token with the name MYKSK

May 10 11:18:11 signer01 ods-signerd: [engine] setup: error initializing libhsm errno=268435457 (hsm_get_slot_id(): could not find token with the name MYKSK)
May 10 11:18:11 signer01 ods-signerd: [engine] setup failed: HSM error
May 10 11:18:11 signer01 ods-signerd: [engine] signer shutdown
May 10 11:18:11 signer01 ods-signerd: daemon/xfrhandler.c at 184 could not pthread_kill(xfrhandler->thread_id, 1): No such process
May 10 11:18:11 signer01 ods-signerd: daemon/engine.c at 284 could not pthread_join(engine->xfrhandler->thread_id, NULL): No such process

"displaytoken" shows:
PKCS11 API v:2.11
Manufacturer ID:AEP Networks. Release64 P4=60257
1 slots found
The slots that are available are between 0 and 0
Enter the slot number :0


PKCS11 Slot     : 0
PKCS11 Label    : MYKSK
Keyper Model    : Keyper Pro 0405
Keyper Serial   : K<deprecated by poster>
Keyper version  : 2.0
App             : 020
ABL             : 029
AL              : 02

What do I need to do to make ksmutil see the keys generated, or detect the right slot, or the right token, or whatever the error is indicating?

Thanks,

-Jake


