[Pki-users] Utimaco HSM "Not Found" problem

Arshad Noor arshad.noor at strongauth.com
Mon Apr 26 16:51:07 UTC 2010 

Do you have any update on the JSS issue, Chandrasekar?  Thanks.

Arshad Noor
StrongAuth, Inc.

Arshad Noor wrote:
> No luck.
> 
> -------------
> # pet105:~> setenforce 0
> # pet105:~> TokenInfo /var/lib/subca01/alias
> Database Path: /var/lib/subca01/alias
> Found external module 'NSS Internal PKCS #11 Module'
> # pet105:~>
> -------------
> 
> Output from audit.log:
> 
> -------------
> type=MAC_STATUS msg=audit(1271980444.565:345): enforcing=0 
> old_enforcing=1 auid=500 ses=5
> type=SYSCALL msg=audit(1271980444.565:345): arch=c000003e syscall=1 
> success=yes exit=1 a0=3 a1=7fff300dfb20 a2=1 a3=fffffff8 items=0 
> ppid=32217 pid=32292 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 tty=pts4 ses=5 comm="setenforce" 
> exe="/usr/sbin/setenforce" 
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
> -------------
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> Chandrasekar Kannan wrote:
>> On 04/22/2010 04:44 PM, Arshad Noor wrote:
>>> Interesting; it did not:
>>>
>>> # pet105:~> modutil -dbdir /var/lib/subca01/alias/ -nocertdb -list
>>>
>>> Listing of PKCS #11 Modules
>>> -----------------------------------------------------------
>>>   1. NSS Internal PKCS #11 Module
>>>          slots: 2 slots attached
>>>         status: loaded
>>>
>>>          slot: NSS Internal Cryptographic Services
>>>         token: NSS Generic Crypto Services
>>>
>>>          slot: NSS User Private Key and Certificate Services
>>>         token: NSS Certificate DB
>>>
>>>   2. CryptoServer
>>>         library name: /usr/bin/libcs2_pkcs11.so
>>>          slots: 1 slot attached
>>>         status: loaded
>>>
>>>          slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>>>         token: CBUAETEST
>>> -----------------------------------------------------------
>>> # pet105:~> TokenInfo /var/lib/subca01/alias
>>> Database Path: /var/lib/subca01/alias
>>> Found external module 'NSS Internal PKCS #11 Module'
>>> # pet105:~>
>>>
>>> And there were no SELinux errors in the audit log.
>>
>> Can you 'setenforce 0' (putting selinux to permissive mode )
>> and try one more time ?.
>>
>>
>>>
>>> Arshad Noor
>>> StrongAuth, Inc.
>>>
>>>
>>> Chandrasekar Kannan wrote:
>>>>
>>>> Looks like the NSS layer has no problems identifying the token.
>>>> can you use this tool and see if the JSS layer can see it as well ?
>>>>
>>>> http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/TokenInfo.html 
>>>>
>>>>
>>
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list