[Pki-devel] [PATCH] add pkiuser to nfast group

Matthew Harmsen mharmsen at redhat.com
Mon Jun 15 22:36:43 UTC 2015 

Please review the attached patch that resolves the following issue:

  * PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
    <https://fedorahosted.org/pki/ticket/1415>

The patch was applied and successfully tested on a VM containing an 
nCipher nethsm:

    # cat /etc/group | grep nfast
    nfast:x:995:

    # pkispawn -s CA -f /root/mlh/pki-master-mlh.inf -vvv

    # cat /etc/group | grep nfast
    nfast:x:995:pkiuser

    # cd /var/lib/pki/pki-master-mlh/alias

    # modutil -dbdir . -list

    Listing of PKCS #11 Modules
    -----------------------------------------------------------
       1. NSS Internal PKCS #11 Module
          slots: 2 slots attached
         status: loaded

          slot: NSS Internal Cryptographic Services
         token: NSS Generic Crypto Services

          slot: NSS User Private Key and Certificate Services
         token: NSS Certificate DB

       2. nfast
         library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
          slots: 2 slots attached
         status: loaded

          slot: 061C-37A2-3CB3 Rt1
         token: accelerator

          slot: 061C-37A2-3CB3 Rt1 slot 0
         token: NHSM6000
    -----------------------------------------------------------

    # certutil -d . -L

    Certificate Nickname                                         Trust
    Attributes
    SSL,S/MIME,JAR/XPI

    casigningcert-MLH CT,C,C
    caauditsigningcert-MLH                                       ,,P

    # certutil -d . -h NHSM6000 -f /root/mlh/hsm_password -L

    Certificate Nickname                                         Trust
    Attributes
    SSL,S/MIME,JAR/XPI

    NHSM6000:casigningcert-MLH CTu,Cu,Cu
    NHSM6000:caocspsigningcert-MLH                               u,u,u
    NHSM6000:Server-Cert cert-pki-RootCA-MLH                     u,u,u
    NHSM6000:casubsystemcert-MLH                                 u,u,u
    NHSM6000:caauditsigningcert-MLH u,u,Pu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150615/c9d4afcd/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20150615-add-pkiuser-to-nfast-group.patch
Type: text/x-patch
Size: 7300 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150615/c9d4afcd/attachment.bin>

More information about the Pki-devel mailing list