>> Isn't it possible to have opendnssec work with the available tokens, and >> only fail where needed? > > No, that is not possible - libhsm will try to connect to all configured HSMs > at startup.
Ok - understandable. In that case I'd humbly suggest to look if the errors could be less misleading: libhsm seems to mix the token names in its messages. Another example: #bin/ods-hsmutil test keyper Testing repository: keyper Generating 512-bit RSA key... answer.GetCall(KEYGEN2) failed; error 1208Failed hsm_get_slot_id(): could not find token with the name My Token 1 [...] 'My Token 1' is a token associated with the repository 'softHSM', not 'keyper'. The fail is correct for the keyper, though (512 bit not supported). Best, Gilles -- Fondation RESTENA 6, rue Coudenhove-Kalergi L-1359 Luxembourg tel: (+352) 424409 fax: (+352) 422473 _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
