Discussion:
[Opendnssec-user] SoftHSM userpin
Arun Natarajan
2017-03-28 11:08:47 UTC
Hello,

Do you see any possibilities of restricting the privileges of user pin in
SoftHSM? Currently the userpin is allowed to add, delete keys from SoftHSM
I believe. I am trying to achieve a solution where the SO pin role can do
those key addition, deletion and user pin just read the available keys.

Regards,

--
arun
Rickard Bellgrim
2017-03-29 17:41:50 UTC
Not currently, because the SO can only handle public objects. When the SO
logs in, the session enters R/W SO Functions.

R/W SO Functions:
The Security Officer has been authenticated to the token. The application
has read/write access only to public objects on the token, not to private
objects. The SO can set the normal user’s PIN.

What we would need are different normal users with different privileges or
a configuration parameter that you can change to change between the
different access modes.

Feature requests and patches are welcome on
https://github.com/opendnssec/SoftHSMv2

// Rickard
Post by Arun Natarajan
Hello,
Do you see any possibilities of restricting the privileges of user pin in
SoftHSM? Currently the userpin is allowed to add, delete keys from SoftHSM
I believe. I am trying to achieve a solution where the SO pin role can do
those key addition, deletion and user pin just read the available keys.
Regards,
--
arun