[Pki-users] Utimaco HSM "Not Found" problem

Chandrasekar Kannan ckannan at redhat.com
Mon Apr 26 16:53:18 UTC 2010 

On 04/26/2010 09:51 AM, Arshad Noor wrote:
> Do you have any update on the JSS issue, Chandrasekar?  Thanks.

I don't. We may need to debug the JSS code to figure out
what the problem is....


>
> Arshad Noor
> StrongAuth, Inc.
>
> Arshad Noor wrote:
>> No luck.
>>
>> -------------
>> # pet105:~> setenforce 0
>> # pet105:~> TokenInfo /var/lib/subca01/alias
>> Database Path: /var/lib/subca01/alias
>> Found external module 'NSS Internal PKCS #11 Module'
>> # pet105:~>
>> -------------
>>
>> Output from audit.log:
>>
>> -------------
>> type=MAC_STATUS msg=audit(1271980444.565:345): enforcing=0 
>> old_enforcing=1 auid=500 ses=5
>> type=SYSCALL msg=audit(1271980444.565:345): arch=c000003e syscall=1 
>> success=yes exit=1 a0=3 a1=7fff300dfb20 a2=1 a3=fffffff8 items=0 
>> ppid=32217 pid=32292 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 
>> egid=0 sgid=0 fsgid=0 tty=pts4 ses=5 comm="setenforce" 
>> exe="/usr/sbin/setenforce" 
>> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>> -------------
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> Chandrasekar Kannan wrote:
>>> On 04/22/2010 04:44 PM, Arshad Noor wrote:
>>>> Interesting; it did not:
>>>>
>>>> # pet105:~> modutil -dbdir /var/lib/subca01/alias/ -nocertdb -list
>>>>
>>>> Listing of PKCS #11 Modules
>>>> -----------------------------------------------------------
>>>>   1. NSS Internal PKCS #11 Module
>>>>          slots: 2 slots attached
>>>>         status: loaded
>>>>
>>>>          slot: NSS Internal Cryptographic Services
>>>>         token: NSS Generic Crypto Services
>>>>
>>>>          slot: NSS User Private Key and Certificate Services
>>>>         token: NSS Certificate DB
>>>>
>>>>   2. CryptoServer
>>>>         library name: /usr/bin/libcs2_pkcs11.so
>>>>          slots: 1 slot attached
>>>>         status: loaded
>>>>
>>>>          slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>>>>         token: CBUAETEST
>>>> -----------------------------------------------------------
>>>> # pet105:~> TokenInfo /var/lib/subca01/alias
>>>> Database Path: /var/lib/subca01/alias
>>>> Found external module 'NSS Internal PKCS #11 Module'
>>>> # pet105:~>
>>>>
>>>> And there were no SELinux errors in the audit log.
>>>
>>> Can you 'setenforce 0' (putting selinux to permissive mode )
>>> and try one more time ?.
>>>
>>>
>>>>
>>>> Arshad Noor
>>>> StrongAuth, Inc.
>>>>
>>>>
>>>> Chandrasekar Kannan wrote:
>>>>>
>>>>> Looks like the NSS layer has no problems identifying the token.
>>>>> can you use this tool and see if the JSS layer can see it as well ?
>>>>>
>>>>> http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/TokenInfo.html 
>>>>>
>>>>>
>>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list