[Opendnssec-user] Problem with OpenBSD

[François RONVAUX]

Problem fixed.

Thanks to Pavel who showed me a useful help file.

Le mar. 6 avr. 2021 à 23:41, François RONVAUX <francois.ronvaux at gmail.com>
a écrit :

> Hello,
>
> My server runs OpenBSD v6.8 with the softwares from the official OpenBSD
> packages repositories :  OpenDNSSEC v 2.1.6.p0 and SoftHSM2 v2.6.1p0.
>
> I follow this guide (that is not very old) :
> https://toutetrien.lithio.fr/article/signer-sa-zone-dns-avec-opendnssec
>
> When I lauch the service with "rcctl start opendnssec", I get this in the
> log...
>
> $ cat /var/log/daemon
> ods-kaspcheck: INFO: The XML in /etc/opendnssec/conf.xml is valid
> ods-kaspcheck: INFO: The XML in /etc/opendnssec/kasp.xml is valid
> ods-kaspcheck: WARNING: In policy default, Y used in duration field for
> Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be
> interpreted as 365 days
> ods-kaspcheck: WARNING: In policy lab, Y used in duration field for
> Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be
> interpreted as 365 days
> ods-kaspcheck: INFO: The XML in /etc/opendnssec/zonelist.xml is valid
> ods-enforcerd: [engine] running as pid 92618
> ods-enforcerd: [engine] enforcer started
> ods-enforcerd: [engine] hsm_get_slot_id(): could not find token with the
> name OpenDNSSEC
> ods-enforcerd: [engine] fail to start enforcerd completely
> ods-enforcerd: setup failed: HSM error
> ods-enforcerd: [engine] enforcer shutdown
> ods-enforcerd: [engine] enforcerd (pid: 92618) stopped with exitcode 3
>
> I do not understand because SoftHSM has the good token :
> $ softhsm2-util --show-slots
> Available slots:
> Slot 399449823
>     Slot info:
>         Description:      SoftHSM slot ID 0x17cf1edf
>         Manufacturer ID:  SoftHSM project
>         Hardware version: 2.6
>         Firmware version: 2.6
>         Token present:    yes
>     Token info:
>         Manufacturer ID:  SoftHSM project
>         Model:            SoftHSM v2
>         Hardware version: 2.6
>         Firmware version: 2.6
>         Serial number:    39e5880397cf1edf
>         Initialized:      yes
>         User PIN init.:   yes
>         Label:            OpenDNSSEC
> Slot 1
>     Slot info:
>         Description:      SoftHSM slot ID 0x1
>         Manufacturer ID:  SoftHSM project
>         Hardware version: 2.6
>         Firmware version: 2.6
>         Token present:    yes
>     Token info:
>         Manufacturer ID:  SoftHSM project
>         Model:            SoftHSM v2
>         Hardware version: 2.6
>         Firmware version: 2.6
>         Serial number:
>         Initialized:      no
>         User PIN init.:   no
>         Label:
>
> I did not find explanations on Google, this is why I post here.
>
> Can someone help me ?
>
> Thanks in advance.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20210408/6087399f/attachment.htm>