[Fedora-directory-users] Error -8127 with hardware acceleration/Token

Yann Cloatre pub at cloatre.com
Wed Jan 9 21:06:59 UTC 2008


Hello all,

I use DS Fedora LDAP on Solaris 9.
I try to use a crypto accelerator 4000 board (SUN) with Fedora.
(FYI;
http://www.sun.com/products/networking/sslaccel/suncryptoaccel4000/index.xml
)

I've a certificate store on the board, with a certificates inside.
User is define on the board to access this certificate store.

I patched Fedora with a modified script from SUN to enabled this certificate
store in Sun One server.
It's work and i can see 3 certificates store in the window "Manage
Certificate" :
- Internal (Software)
- Acceleration only (Sun Doc don't selected this one, FYI
http://docs.sun.com/app/docs/coll/crypto-accel4000  mine is 1.1 for Solaris
9)
- MYCERTIFICATESTORE

In GUI, each time Fedora need to access inside MYCERTIFICATESTORE, ask me a
password. It's the password define in the accelerator board. So, i enter in
th password box ;   "user:password" and Fedora display the related
information.

So everything is ok, i can enable encryption and select my certificate in
MYCERTIFICATESTORE for LDAPs.

But, when i try to restart Fedora ;

[09/Jan/2008:19:34:55 +0000] - SSL alert: Security Initialization: Unable to
find slot (Netscape Portable Runtime error -8127 - The security card or
token does not exist, needs to be initialized, or has been removed.)
[09/Jan/2008:19:34:55 +0000] - ERROR: SSL Initialization Failed

I try to define password in the slapd-servname-pin.txt in alias directory
with a format like ;
Internal (Software) Token:password
MYCERTIFICATESTORE:ldap-admin:password0

But nothing, impossible to restart. Perhaps, the problem is related to the
password format (ldap-admin:password0), but i must provide username and
password to Fedora if the application want access the token.
It's work well in GUI interface and i don't understand why Fedora seems to
not find my token at startup ?

Help appreciate.

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080109/77199535/attachment.htm>


More information about the Fedora-directory-users mailing list