Danny Van den Berg via FreeIPA-users wrote:
> I made a syntax error. I applied all the changes but now I'm getting the same
> error again. I see two databases right now:
>
> rgs=['/usr/bin/modutil', '-dbdir', 'sql:/tmp/tmp8sinmy_2', '-nocertdb',
> '-add', 'test', '-libfile', '/usr/safenet/lunaclient/lib/libCryptoki2_64.so',
> '-force']
> runas=pkiuser (UID 17, GID 17)
> supplementary_group=17 (GID 17)
> Process finished, return code=22
> stdout=
> WARNING: Manually adding a module while p11-kit is enabled could cause
> duplicate module registration in your security database. It is suggested
> to configure the module through p11-kit configuration file instead.
>
> Type 'q <enter>' to abort, or <enter> to continue:
>
> stderr=ERROR: Failed to add module "test". Probable cause : "Unknown PKCS #11
> error.".
>
> Starting external process
> args=['/usr/bin/modutil', '-dbdir', 'sql:/tmp/tmp8sinmy_2', '-list', '-force']
> runas=pkiuser (UID 17, GID 17)
> supplementary_group=17 (GID 17)
> Process finished, return code=0
> stdout=
> Listing of PKCS #11 Modules
> -----------------------------------------------------------
> 1. NSS Internal PKCS #11 Module
> uri:
> pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.101
> slots: 2 slots attached
> status: loaded
>
> slot: NSS Internal Cryptographic Services
> token: NSS Generic Crypto Services
> uri:
> pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
>
> slot: NSS User Private Key and Certificate Services
> token: NSS Certificate DB
> uri:
> pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
>
> 2. p11-kit-proxy
> library name: p11-kit-proxy.so
> uri:
> pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
> slots: 6 slots attached
> status: loaded
>
> But not the HSM tokens I need
>

Is a specific POSIX group required to access your HSM? If so you need to add pkiuser to that group.

rob
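
One way to check the group question raised in the reply above, as an added example that is not part of the original thread or of FreeIPA: walk every component of the path to the PKCS #11 library and report the first one the service account cannot pass, plus the GID that would grant access. It assumes plain POSIX mode bits only (ACLs, SELinux and device or socket permissions used by the HSM client are not evaluated); all function names are hypothetical.

```python
import os
import pwd
import stat
import sys

def perm_bits(mode, st_uid, st_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids, in POSIX class order."""
    if uid == st_uid:
        return (mode >> 6) & 7          # owner class is exclusive
    if st_gid in gids:
        return (mode >> 3) & 7          # group class
    return mode & 7                     # other class

def first_denial(entries, uid, gids):
    """entries: [(path, st_mode, st_uid, st_gid), ...] ordered from / to the file.
    Directories need search (x); the final file needs read (r) to be loaded.
    Returns None when access is allowed, else (path, gid_that_would_help or None)."""
    for path, mode, st_uid, st_gid in entries:
        need = 1 if stat.S_ISDIR(mode) else 4
        if perm_bits(mode, st_uid, st_gid, uid, gids) & need:
            continue
        # Joining the owning group helps only if the group bits grant the access
        group_ok = uid != st_uid and ((mode >> 3) & 7) & need
        return (path, st_gid if group_ok else None)
    return None

def stat_chain(path):
    """Collect (path, mode, uid, gid) for every component of the resolved path."""
    cur = os.path.realpath(path)
    parts = []
    while True:
        st = os.stat(cur)
        parts.append((cur, st.st_mode, st.st_uid, st.st_gid))
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    return parts[::-1]

def check(user, path):
    """Evaluate access for a local account using its primary and supplementary groups."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    return first_denial(stat_chain(path), pw.pw_uid, gids)

if __name__ == "__main__":
    # Usage: script.py <user> <path-to-library>
    print(check(sys.argv[1], sys.argv[2]))
```

Run it as root with `pkiuser` and the `-libfile` path from the log above; a result of `None` means the mode bits are not what blocks the module, and a returned GID names the group the account is missing.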
