Yann Cloatre
2008-Jan-09 21:06 UTC
[Fedora-directory-users] Error -8127 with hardware acceleration/Token
Hello all,

I use DS Fedora LDAP on Solaris 9.
I try to use a crypto accelerator 4000 board (SUN) with Fedora.
(FYI: http://www.sun.com/products/networking/sslaccel/suncryptoaccel4000/index.xml )

I've a certificate store on the board, with a certificates inside.
A user is defined on the board to access this certificate store.

I patched Fedora with a modified script from SUN to enable this certificate store in Sun One server.
It works and I can see 3 certificate stores in the "Manage Certificate" window:
- Internal (Software)
- Acceleration only (Sun Doc don't selected this one, FYI http://docs.sun.com/app/docs/coll/crypto-accel4000 mine is 1.1 for Solaris 9)
- MYCERTIFICATESTORE

In the GUI, each time Fedora needs to access MYCERTIFICATESTORE, it asks me for a password. It's the password defined in the accelerator board. So, I enter "user:password" in the password box and Fedora displays the related information.

So everything is OK, I can enable encryption and select my certificate in MYCERTIFICATESTORE for LDAPs.

But when I try to restart Fedora:

[09/Jan/2008:19:34:55 +0000] - SSL alert: Security Initialization: Unable to find slot (Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
[09/Jan/2008:19:34:55 +0000] - ERROR: SSL Initialization Failed

I tried to define the password in slapd-servname-pin.txt in the alias directory with a format like:

Internal (Software) Token:password
MYCERTIFICATESTORE:ldap-admin:password0

But nothing, impossible to restart. Perhaps the problem is related to the password format (ldap-admin:password0), but I must provide a username and password to Fedora if the application wants to access the token.
It works well in the GUI and I don't understand why Fedora seems not to find my token at startup.

Help appreciated.

Thank you.
Rich Megginson
2008-Jan-10 23:15 UTC
Re: [Fedora-directory-users] Error -8127 with hardware acceleration/Token
Yann Cloatre wrote:
> Hello all,
>
> I use DS Fedora LDAP on Solaris 9.
> I try to use a crypto accelerator 4000 board (SUN) with Fedora.
> (FYI: http://www.sun.com/products/networking/sslaccel/suncryptoaccel4000/index.xml )
>
> I've a certificate store on the board, with a certificates inside.
> A user is defined on the board to access this certificate store.
>
> I patched Fedora with a modified script from SUN to enable this
> certificate store in Sun One server.
> It works and I can see 3 certificate stores in the "Manage
> Certificate" window:
> - Internal (Software)
> - Acceleration only (Sun Doc don't selected this one, FYI
>   http://docs.sun.com/app/docs/coll/crypto-accel4000 mine is 1.1 for
>   Solaris 9)
> - MYCERTIFICATESTORE
>
> In the GUI, each time Fedora needs to access MYCERTIFICATESTORE, it
> asks me for a password. It's the password defined in the accelerator
> board. So, I enter "user:password" in the password box and Fedora
> displays the related information.
>
> So everything is OK, I can enable encryption and select my certificate
> in MYCERTIFICATESTORE for LDAPs.
>
> But when I try to restart Fedora:
>
> [09/Jan/2008:19:34:55 +0000] - SSL alert: Security Initialization: Unable to find slot (Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
> [09/Jan/2008:19:34:55 +0000] - ERROR: SSL Initialization Failed
>
> I tried to define the password in slapd-servname-pin.txt in the alias
> directory with a format like:
> Internal (Software) Token:password
> MYCERTIFICATESTORE:ldap-admin:password0
>
> But nothing, impossible to restart. Perhaps the problem is related to
> the password format (ldap-admin:password0), but I must provide a
> username and password to Fedora if the application wants to access the
> token.
> It works well in the GUI and I don't understand why Fedora seems not
> to find my token at startup.

Did you try just using MYCERTIFICATESTORE:password?

> Help appreciated.
>
> Thank you.