Hello,

I'm trying to configure bind 9.10.2 to work with native pkcs#11 linked to an nShield Connect HSM. When accessing keys in the HSM, a PIN code is required, as the keys are protected by a softcard. The dnssec-keyfromlabel command accepts reading the PIN from a file (using the "pin-source" keyword), but others like dnssec-signzone don't have something similar and the PIN has to be entered manually. My question is about the auto-dnssec feature that maintains a zone by internally signing RRs. How will this feature work without a PIN, since BIND needs access to the private key when it needs to re-sign automatically and I didn't find a way to provide the PIN through configuration files?

Best regards,

Catalin LEANCA

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
