Re: [Pki-users] Utimaco HSM "Not Found" problem

Do you have any update on the JSS issue, Chandrasekar? Thanks.

Arshad Noor StrongAuth, Inc. Arshad Noor wrote: > No luck. > > ------------- > # pet105:~> setenforce 0 > # pet105:~> TokenInfo /var/lib/subca01/alias > Database Path: /var/lib/subca01/alias > Found external module 'NSS Internal PKCS #11 Module' > # pet105:~> > ------------- > > Output from audit.log: > > ------------- > type=MAC_STATUS msg=audit(1271980444.565:345): enforcing=0 > old_enforcing=1 auid=500 ses=5 > type=SYSCALL msg=audit(1271980444.565:345): arch=c000003e syscall=1 > success=yes exit=1 a0=3 a1=7fff300dfb20 a2=1 a3=fffffff8 items=0 > ppid=32217 pid=32292 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=pts4 ses=5 comm="setenforce" > exe="/usr/sbin/setenforce" > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > ------------- > > Arshad Noor > StrongAuth, Inc. > > Chandrasekar Kannan wrote: >> On 04/22/2010 04:44 PM, Arshad Noor wrote: >>> Interesting; it did not: >>> >>> # pet105:~> modutil -dbdir /var/lib/subca01/alias/ -nocertdb -list >>> >>> Listing of PKCS #11 Modules >>> ----------------------------------------------------------- >>> 1. NSS Internal PKCS #11 Module >>> slots: 2 slots attached >>> status: loaded >>> >>> slot: NSS Internal Cryptographic Services >>> token: NSS Generic Crypto Services >>> >>> slot: NSS User Private Key and Certificate Services >>> token: NSS Certificate DB >>> >>> 2. CryptoServer >>> library name: /usr/bin/libcs2_pkcs11.so >>> slots: 1 slot attached >>> status: loaded >>> >>> slot: CryptoServer Device '/dev/cs2' - Slot No: 0 >>> token: CBUAETEST >>> ----------------------------------------------------------- >>> # pet105:~> TokenInfo /var/lib/subca01/alias >>> Database Path: /var/lib/subca01/alias >>> Found external module 'NSS Internal PKCS #11 Module' >>> # pet105:~> >>> >>> And there were no SELinux errors in the audit log. >> >> Can you 'setenforce 0' (putting selinux to permissive mode ) >> and try one more time ?. >> >> >>> >>> Arshad Noor >>> StrongAuth, Inc. >>> >>> >>> Chandrasekar Kannan wrote: >>>> >>>> Looks like the NSS layer has no problems identifying the token. >>>> can you use this tool and see if the JSS layer can see it as well ? >>>> >>>> http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/TokenInfo.html >>>> >>>> >> > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users