[Pki-users] Utimaco HSM "Not Found" problem

Arshad Noor arshad.noor at strongauth.com
Thu Apr 22 23:56:44 UTC 2010 

No luck.

-------------
# pet105:~> setenforce 0
# pet105:~> TokenInfo /var/lib/subca01/alias
Database Path: /var/lib/subca01/alias
Found external module 'NSS Internal PKCS #11 Module'
# pet105:~>
-------------

Output from audit.log:

-------------
type=MAC_STATUS msg=audit(1271980444.565:345): enforcing=0 
old_enforcing=1 auid=500 ses=5
type=SYSCALL msg=audit(1271980444.565:345): arch=c000003e syscall=1 
success=yes exit=1 a0=3 a1=7fff300dfb20 a2=1 a3=fffffff8 items=0 
ppid=32217 pid=32292 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=pts4 ses=5 comm="setenforce" 
exe="/usr/sbin/setenforce" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
-------------

Arshad Noor
StrongAuth, Inc.

Chandrasekar Kannan wrote:
> On 04/22/2010 04:44 PM, Arshad Noor wrote:
>> Interesting; it did not:
>>
>> # pet105:~> modutil -dbdir /var/lib/subca01/alias/ -nocertdb -list
>>
>> Listing of PKCS #11 Modules
>> -----------------------------------------------------------
>>   1. NSS Internal PKCS #11 Module
>>          slots: 2 slots attached
>>         status: loaded
>>
>>          slot: NSS Internal Cryptographic Services
>>         token: NSS Generic Crypto Services
>>
>>          slot: NSS User Private Key and Certificate Services
>>         token: NSS Certificate DB
>>
>>   2. CryptoServer
>>         library name: /usr/bin/libcs2_pkcs11.so
>>          slots: 1 slot attached
>>         status: loaded
>>
>>          slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>>         token: CBUAETEST
>> -----------------------------------------------------------
>> # pet105:~> TokenInfo /var/lib/subca01/alias
>> Database Path: /var/lib/subca01/alias
>> Found external module 'NSS Internal PKCS #11 Module'
>> # pet105:~>
>>
>> And there were no SELinux errors in the audit log.
> 
> Can you 'setenforce 0' (putting selinux to permissive mode )
> and try one more time ?.
> 
> 
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> Chandrasekar Kannan wrote:
>>>
>>> Looks like the NSS layer has no problems identifying the token.
>>> can you use this tool and see if the JSS layer can see it as well ?
>>>
>>> http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/TokenInfo.html 
>>>
>>>
>

More information about the Pki-users mailing list