[Opendnssec-user] Problem with OpenBSD

François RONVAUX francois.ronvaux at gmail.com
Tue Apr 6 21:41:32 UTC 2021 

Hello,

My server runs OpenBSD v6.8 with the softwares from the official OpenBSD
packages repositories :  OpenDNSSEC v 2.1.6.p0 and SoftHSM2 v2.6.1p0.

I follow this guide (that is not very old) :
https://toutetrien.lithio.fr/article/signer-sa-zone-dns-avec-opendnssec

When I lauch the service with "rcctl start opendnssec", I get this in the
log...

$ cat /var/log/daemon
ods-kaspcheck: INFO: The XML in /etc/opendnssec/conf.xml is valid
ods-kaspcheck: INFO: The XML in /etc/opendnssec/kasp.xml is valid
ods-kaspcheck: WARNING: In policy default, Y used in duration field for
Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be
interpreted as 365 days
ods-kaspcheck: WARNING: In policy lab, Y used in duration field for
Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be
interpreted as 365 days
ods-kaspcheck: INFO: The XML in /etc/opendnssec/zonelist.xml is valid
ods-enforcerd: [engine] running as pid 92618
ods-enforcerd: [engine] enforcer started
ods-enforcerd: [engine] hsm_get_slot_id(): could not find token with the
name OpenDNSSEC
ods-enforcerd: [engine] fail to start enforcerd completely
ods-enforcerd: setup failed: HSM error
ods-enforcerd: [engine] enforcer shutdown
ods-enforcerd: [engine] enforcerd (pid: 92618) stopped with exitcode 3

I do not understand because SoftHSM has the good token :
$ softhsm2-util --show-slots
Available slots:
Slot 399449823
    Slot info:
        Description:      SoftHSM slot ID 0x17cf1edf
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:    39e5880397cf1edf
        Initialized:      yes
        User PIN init.:   yes
        Label:            OpenDNSSEC
Slot 1
    Slot info:
        Description:      SoftHSM slot ID 0x1
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.6
        Firmware version: 2.6
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.6
        Firmware version: 2.6
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

I did not find explanations on Google, this is why I post here.

Can someone help me ?

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20210406/3089bb57/attachment.htm>

More information about the Opendnssec-user mailing list