Re: [Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK

Jarno Huuskonen Sun, 31 Aug 2014 07:33:49 -0700

Hi,

On Sun, Aug 31, Abdalmonem Tharwat Galila wrote:
> >> What do you have in softhsm.conf (/etc/softhsm.conf) ?
> 
> 0:/var/softhsm/slot0.db
> 1:/var/softhsm/slot1.db
> 2:/var/softhsm/slot2.db
> 
> >> Is the user account used for ods-enforcerd able to access the files 
> >> defined in softhsm.conf (can change to the directory and read/write the 
> >> files).
> 
> How to get that user , you are talking about ?


What do you have in your opendnssec conf.xml
(/etc/opendnssec/conf.xml?):

Do you have something like:
        <Enforcer>
                <Privileges>
                        <User>ods</User>
                        <Group>ods</Group>
                </Privileges>

and something similar for <Signer> ?

So assuming you have <User>ods</User> can you try for example:
su - -s/bin/bash ods
and after su (as user ods)
cd /var/softhsm
ls -l slot*.db
ls -l .

Also after su can you check that your /var/named/zones/conf/ is
accessible:
(ls -l /var/named/zones/conf)
and
cd /var/named/zones/conf # if you get permission denied then
check that /var/named, /var/named/zones and /var/named/zones/conf
permissions allow access (for example ls -l).

-Jarno

-- 
Jarno Huuskonen
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Re: [Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK

Reply via email to