<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Please review the attached patch that resolves the following issue:<br>
<ul>
<li><a href="https://fedorahosted.org/pki/ticket/1415">PKI TRAC
Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group</a></li>
</ul>
<p>The patch was applied and successfully tested on a VM containing
an nCipher nethsm:<br>
</p>
<blockquote># cat /etc/group | grep nfast<br>
nfast:x:995:<br>
<br>
# pkispawn -s CA -f /root/mlh/pki-master-mlh.inf -vvv<br>
<br>
# cat /etc/group | grep nfast<br>
nfast:x:995:pkiuser<br>
<br>
# cd /var/lib/pki/pki-master-mlh/alias<br>
<br>
# modutil -dbdir . -list <br>
<br>
Listing of PKCS #11 Modules<br>
-----------------------------------------------------------<br>
1. NSS Internal PKCS #11 Module<br>
slots: 2 slots attached<br>
status: loaded<br>
<br>
slot: NSS Internal Cryptographic Services<br>
token: NSS Generic Crypto Services<br>
<br>
slot: NSS User Private Key and Certificate Services<br>
token: NSS Certificate DB<br>
<br>
2. nfast<br>
library name: /opt/nfast/toolkits/pkcs11/libcknfast.so<br>
slots: 2 slots attached<br>
status: loaded<br>
<br>
slot: 061C-37A2-3CB3 Rt1<br>
token: accelerator<br>
<br>
slot: 061C-37A2-3CB3 Rt1 slot 0<br>
token: NHSM6000<br>
-----------------------------------------------------------<br>
<br>
# certutil -d . -L<br>
<br>
Certificate Nickname Trust
Attributes<br>
SSL,S/MIME,JAR/XPI<br>
<br>
casigningcert-MLH
CT,C,C<br>
caauditsigningcert-MLH ,,P
<br>
<br>
# certutil -d . -h NHSM6000 -f /root/mlh/hsm_password -L<br>
<br>
Certificate Nickname Trust
Attributes<br>
SSL,S/MIME,JAR/XPI<br>
<br>
NHSM6000:casigningcert-MLH
CTu,Cu,Cu<br>
NHSM6000:caocspsigningcert-MLH u,u,u<br>
NHSM6000:Server-Cert cert-pki-RootCA-MLH u,u,u<br>
NHSM6000:casubsystemcert-MLH u,u,u<br>
NHSM6000:caauditsigningcert-MLH
u,u,Pu<br>
<br>
</blockquote>
</body>
</html>