Re: [opencryptoki-users] Opencrptoki & Strongswan 4.1
Brought to you by:
ebarretto
Menu
▾
▴
Re: [opencryptoki-users] Opencrptoki & Strongswan 4.1
|
From: David M. <bl...@gm...> - 2007-04-05 02:08:14
|
On 4/4/07, Tom Lendacky <to...@us...> wrote: > Is Strongswan running under your userid when attempting to access the > cert/key through the PKCS#11 api? The TPM token store is a per-user > token store. So if Strongswan is running as daemon under a specific > user then you will need to store your cert/key as the Strongswan daemon > user. You will then need to be sure that Strongswan provides the proper > pin to the PKCS#11 api in order to access the cert/key objects. Strongswan is running as root, the token was stored as root. The pin failure seems pretty instantaneous, which I find suspicious. The tpmtoken commands take a few seconds to verify the pin. I've got strongswan using PKCS11_API.so as it's pkcs module. I suspect it's possibly a strongswan issue. People tend to use OpenSC for PKCS11 support, so that's what tends to get tested :-/ I'll try and trace through what's happening, it just gets a bit messy between all the processes, and daemons floating around, was hoping someone had come across this use before. -David > > Tom > > > > > I've pinged the strongswan-users list as well, but was just curious if > > anyone had tried this setup before and had some hints? > > > > Thanks, > > -David > > > > > ------------------------------------------------------------------------- > > Take Surveys. Earn Cash. Influence the Future of IT > > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > > opinions on IT & business topics through brief surveys-and earn cash > > > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > _______________________________________________ > > opencryptoki-users mailing list > > ope...@li... > > > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users > |
