Rachid, > so there's no way to use mysql for opendnssec and sofhsm ?
I don't think anybody would/should want MySQL under SoftHSM. SoftHSM implements PKCS #11 which is an API to secure information. Putting that all in a database kind-of defeats that purpose. The reason for using SQLite under SoftHSM is just some form of (file-based) storage; it is not with the idea to have the generic powers of a database unleashed. For the key repository of the enforcer, the story is quite different IMHO. I would want the policy data to easily traverse sites, as that is useful for redundant setups, and the data is not a security concern. I would expect that anyone going through the trouble of redundant setups would also choose an HSM (or perhaps a physical smart card) instead of a SoftHSM. Correct me if my creativity is low on this one though :) Cheers, -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
