> That in fact is exactly what SoftHSMv2 does.

Building BIND with native pkcs11 pointing to SoftHSMv2 then requires SoftHSM setup and PIN code generation. BIND cannot automatically generate/use keys, in the same manner as a default non-pkcs11 build.

What I am looking for (and I think this is the same as what Red Hat wants), is the ability to build a BIND binary (and associated utilities) that via some configuration changes runs with either:

1) no PIN codes or other user input, keys stored on disk, possibly in clear text files just like the current /var/named/K* files we get with non-pkcs11 builds.

OR

2) SoftHSM or other real HSM provider, with the keys in internal HSM storage.

Building BIND with native pkcs11 pointing to SoftHSMv2 comes very close to that, but as far as I can see, it still requires extra manual setup and the use of PIN codes to unlock the keys.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org