[Opendnssec-user] About AEP Keyper Testing
Dave Knight
dave at knig.ht
Wed Jan 30 00:40:11 UTC 2013
On 2013-01-29, at 5:53 AM, John Dickinson <jad at sinodun.com> wrote:
>
> On 29 Jan 2013, at 10:25, 刘硕 <shuoleo at 126.com> wrote:
>
>> Hi everybody
>>
>> I'm testing AEP Keyper with opendnssec-1.4.0rc2.
>> What I have changed in conf.xml is as follows:
>> <Repository name="SoftHSM">
>>     <Module>/opt/Keyper/PKCS11Provider/pkcs11.so</Module>
>>     <TokenLabel>xxx</TokenLabel>
>>     <PIN>xxx</PIN>
>>     <SkipPublicKey/>
>> </Repository>
>> The <Module>, <PIN> and <TokenLabel> have been checked and are right; I am not sure about the name of the Repository.
>> But opendnssec complains:
>> Jan 29 18:04:15 CST-BJ-103 ods-enforcerd: opendnssec starting...
>> Jan 29 18:04:15 CST-BJ-103 ods-enforcerd: opendnssec forked OK...
>> Jan 29 18:04:15 CST-BJ-103 ods-enforcerd: opendnssec Parent exiting...
>> Jan 29 18:04:15 CST-BJ-103 ods-enforcerd: opendnssec started (version 1.4.0rc2), pid 4496
>> Jan 29 18:04:15 CST-BJ-103 ods-enforcerd: hsm_session_init(): PKCS#11 module load failed: /opt/Keyper/PKCS11Provider/pkcs11.so
>>
>>
>> Does anybody have experience testing AEP Keyper with opendnssec?
>>
>>
>
> It is a long time since I used an AEP Keyper but I seem to remember that the library is not called pkcs11.so. IIRC it had a longer name.
We use Keypers; here's the relevant config snippet:
<RepositoryList>
    <Repository name="default">
        <Module>/path/to/keyper/library/pkcs11.GCC4.0.2.so.4.07</Module>
        <TokenLabel>OpenDNSSEC</TokenLabel>
        <PIN>00000000</PIN>
    </Repository>
</RepositoryList>
IIRC we got the library originally from the CD that came with the Keyper, and later, when we needed a newer version, we got that from AEP support.
dave
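
An added example, not part of the original thread or of OpenDNSSEC: a pre-flight check that reads each <Repository> from conf.xml, confirms the <Module> file exists, can be loaded and exports the standard PKCS#11 entry point C_GetFunctionList, and flags a conf.xml that holds a <PIN> while being readable by group or other. The function names and the fallback path "conf.xml" are assumptions made for this sketch.

```python
import ctypes
import os
import stat
import sys
import xml.etree.ElementTree as ET


def check_module(path):
    """Return 'ok', or a short reason why the PKCS#11 library cannot be used."""
    if not os.path.isfile(path):
        return "missing file"
    try:
        lib = ctypes.CDLL(path)  # dlopen(): a module load cannot succeed without it
    except OSError as exc:
        return f"dlopen failed: {exc}"
    # Every PKCS#11 provider exports C_GetFunctionList as its entry point.
    if not hasattr(lib, "C_GetFunctionList"):
        return "no C_GetFunctionList symbol"
    return "ok"


def check_conf(conf_path):
    """Map each <Repository name> in conf.xml to a list of findings."""
    findings = {}
    mode = os.stat(conf_path).st_mode
    loose = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    for repo in ET.parse(conf_path).getroot().iter("Repository"):
        module = (repo.findtext("Module") or "").strip()
        notes = [f"module: {check_module(module)}"]
        # conf.xml stores the HSM PIN in clear text, so flag loose file modes.
        if repo.find("PIN") is not None and loose:
            notes.append("PIN readable by group/other")
        findings[repo.get("name")] = notes
    return findings


if __name__ == "__main__":
    # Assumption: conf.xml path given as first argument, else ./conf.xml
    target = sys.argv[1] if len(sys.argv) > 1 else "conf.xml"
    for name, notes in check_conf(target).items():
        print(name, "->", "; ".join(notes))
```

Run it as the user the OpenDNSSEC daemons run as, so file permissions and library search paths match what ods-enforcerd sees.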