Not currently, because the SO can only handle public objects. When to SO logs in, the session enters R/W SO Functions.
R/W SO Functions: The Security Officer has been authenticated to the token. The application has read/write access only to public objects on the token, not to private objects. The SO can set the normal user’s PIN. What we would need are different normal users with different privileges or a configuration parameter that you can change to change between the different access modes. Feature requests and patches are welcome on https://github.com/opendnssec/SoftHSMv2 // Rickard On Tue, Mar 28, 2017 at 1:08 PM, Arun Natarajan <[email protected]> wrote: > Hello, > > Do you see any possibilities of restricting the privileges of user pin in > SoftHSM. Currently the userpin is allowed to add, delete keys from SoftHSM > I believe. I am trying to achieve a solution where the SO pin role can do > those key addition, deletion and user pin just read the available keys. > > Regards, > > -- > arun > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > >
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
