On 6 sep 2010, at 08.20, Rickard Bellgrim wrote: > The problem is that we use the token label as the unique identifier for the > HSM and not the label and pin pair. We connect to the first occurrence of the > token label.
Or maybe it should work. It depends on whether there is a single slot with two tokens. Which token to use is selected by the PKCS#11 provider when you login. I probably should dive into our code and have a look. Maybe you could use: /usr/lib/pkcs11/pkcs11-spy.so Use that path in conf.xml for the two repositories. And set the following: export PKCS11SPY=/usr/lib/pkcs11/PKCS11_API.so You will now get an output of the communication between ods-hsmutil and your HSM. This information is helpful when debugging PKCS#11. Could I get this information from you off-list? Thanks // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
