running named built with --enable-native-pkcs11 without HSM provider library

Tomas Hozza thozza at redhat.com
Wed Aug 6 17:47:06 UTC 2014


----- Original Message -----
> Tomas Hozza <thozza at redhat.com> wrote:
> 
> > Right now it is not possible, and when named is built with
> > --enable-native-pkcs11
> > it can not run without HSM and some PKCS#11 provider library.
> 
> Would using SoftHSM solve your problem?

No. We don't want to install SoftHSM by default, only if explicitly chosen
by the user. Basically we want to enable user to use native-pkcs11 with SoftHSM
if needed. However by default have named running without it.

> http://www.opendnssec.org/softhsm/
> http://ftp.isc.org/isc/bind9/9.10.0-P2/doc/arm/Bv9ARM.ch04.html#id2666009

Yeah, I read the ARM PKCS#11 section, that's why I think it is not possible.
However I wanted to hear some opinions from named guys.

Thanks.

Regards,
-- 
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience

PGP: 1D9F3C2D
Red Hat Inc.                               http://cz.redhat.com


More information about the bind-users mailing list