On Tue, Nov 10, 2009 at 12:27:45PM -0800, Anthony Scarpino wrote: > Will Fiveash wrote: > > I'm confused in regards to the following behavior of pkcs11_softtoken > > and it's object store on a OpenSolaris system (build snv_125): > > If I am logged in to a zone session and I run: > > exec /usr/bin/login > > the pkcs11 code is able to find the cert and private key objects in the > > default user's pkcs11_softtoken object store > > ($HOME/.sunw/pkcs11_softtoken/...). However if I try to login to that > > same zone using zlogin -C to do console login, the pkcs11 code appears > > to try to access "/objstore_info". > > 10954/1: xstat(2, "/objstore_info", 0x08045B00) Err#2 > > ENOENT > > This confuses me. Is this expected behavior? > > The truss of the ttymon session is here: > > /net/alton.central.sun.com/export/public/ttymon-zlogin-consol.truss > > I'm not sure what's going on.. Looking at get_keystore_path(), it appears > to think there is an alternate keystore environment variable set looking at > the functions were called in the truss; even though, the getenv() returned > 0. Did you have SOFTTOKEN_DIR set when you ran the zlogin command?
No, SOFTTOKEN_DIR is not set in the env. of the shell session in which I'm running zlogin -C nor is it set in the env. of the ttymon running in the zone that is exec'ing login in the zone. > Darren has a code review out that was going to change a lot of this code, so > this problem maybe disappearing anyway. I'm using a version of his modified pkcs11_softtoken code in the zone (not in the global zone): -rwxr-xr-x 1 root bin 655604 Oct 29 14:30 pkcs11_softtoken.so.1 -- Will Fiveash Sun Microsystems Office x64079/512-401-1079 Austin, TX, 78727 (TZ=CST6CDT), USA Internal Solaris Kerberos/GSS/SASL website: http://kerberos.sfbay.sun.com http://opensolaris.org/os/project/kerberos/
