[Opendnssec-user] SoftHSM userpin

Rickard Bellgrim rickard at opendnssec.org
Wed Mar 29 17:41:50 UTC 2017


Not currently, because the SO can only handle public objects. When the SO
logs in, the session enters R/W SO Functions.

R/W SO Functions:
The Security Officer has been authenticated to the token. The application
has read/write access only to public objects on the token, not to private
objects. The SO can set the normal user’s PIN.

What we would need are different normal users with different privileges or
a configuration parameter that you can change to change between the
different access modes.

Feature requests and patches are welcome on
https://github.com/opendnssec/SoftHSMv2

// Rickard

On Tue, Mar 28, 2017 at 1:08 PM, Arun Natarajan <arun at arunns.com> wrote:

> Hello,
>
> Do you see any possibilities of restricting the privileges of the user PIN in
> SoftHSM? Currently the user PIN is allowed to add and delete keys from SoftHSM,
> I believe. I am trying to achieve a solution where the SO PIN role can do
> those key additions and deletions, and the user PIN can just read the available keys.
>
> Regards,
>
> --
> arun