Re: [Pki-users] Utimaco HSM "Not Found" problem
Do you have any update on the JSS issue, Chandrasekar? Thanks.
Arshad Noor
StrongAuth, Inc.
Arshad Noor wrote:
No luck.
-------------
# pet105:~> setenforce 0
# pet105:~> TokenInfo /var/lib/subca01/alias
Database Path: /var/lib/subca01/alias
Found external module 'NSS Internal PKCS #11 Module'
# pet105:~>
-------------
Output from audit.log:
-------------
type=MAC_STATUS msg=audit(1271980444.565:345): enforcing=0
old_enforcing=1 auid=500 ses=5
type=SYSCALL msg=audit(1271980444.565:345): arch=c000003e syscall=1
success=yes exit=1 a0=3 a1=7fff300dfb20 a2=1 a3=fffffff8 items=0
ppid=32217 pid=32292 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts4 ses=5 comm="setenforce"
exe="/usr/sbin/setenforce"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
-------------
Arshad Noor
StrongAuth, Inc.
Chandrasekar Kannan wrote:
> On 04/22/2010 04:44 PM, Arshad Noor wrote:
>> Interesting; it did not:
>>
>> # pet105:~> modutil -dbdir /var/lib/subca01/alias/ -nocertdb -list
>>
>> Listing of PKCS #11 Modules
>> -----------------------------------------------------------
>> 1. NSS Internal PKCS #11 Module
>> slots: 2 slots attached
>> status: loaded
>>
>> slot: NSS Internal Cryptographic Services
>> token: NSS Generic Crypto Services
>>
>> slot: NSS User Private Key and Certificate Services
>> token: NSS Certificate DB
>>
>> 2. CryptoServer
>> library name: /usr/bin/libcs2_pkcs11.so
>> slots: 1 slot attached
>> status: loaded
>>
>> slot: CryptoServer Device '/dev/cs2' - Slot No: 0
>> token: CBUAETEST
>> -----------------------------------------------------------
>> # pet105:~> TokenInfo /var/lib/subca01/alias
>> Database Path: /var/lib/subca01/alias
>> Found external module 'NSS Internal PKCS #11 Module'
>> # pet105:~>
>>
>> And there were no SELinux errors in the audit log.
>
> Can you 'setenforce 0' (putting selinux to permissive mode )
> and try one more time ?.
>
>
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> Chandrasekar Kannan wrote:
>>>
>>> Looks like the NSS layer has no problems identifying the token.
>>> can you use this tool and see if the JSS layer can see it as well ?
>>>
>>> http://www.redhat.com/docs/manuals/cert-system/8.0/cli/html/TokenInfo.html
>>>
>>>
>
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users