NAME
pkcsslotd - shared memory manager for opencryptoki
DESCRIPTION
The pkcsslotd daemon manages PKCS#11 objects between PKCS#11-enabled
applications. When 2 or more processes are accessing the same cryptographic
token, the daemon is notified and updates each application when the token's
objects change.
NOTES
Only one instance of the pkcsslotd daemon should be running on any given host.
If a prior instance of pkcsslotd did not shut down cleanly, it may leave
an allocated shared memory segment on the system. The segment can be
identified by its key and, once the daemon is stopped, can be safely removed
with the ipcrm command, such as:
ipcrm -M 0x6202AB38
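The cleanup described above, written as a guarded shell procedure. This is an added example, not part of the opencryptoki documentation. It assumes the util-linux `ipcs -m` column layout and the `pgrep` utility; the function names (`find_segment`, `safe_to_remove`, `cleanup`) and the sample `ipcs` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: guarded removal of a stale pkcsslotd shared memory segment.
# Assumes the util-linux `ipcs -m` columns: key shmid owner perms bytes nattch
KEY="${KEY:-0x6202AB38}"   # example key from this page; confirm it locally

# Constructed sample of `ipcs -m` output (not captured from a real host).
SAMPLE='------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 65536      alice      600        524288     2          dest
0x6202ab38 98304      root       660        292912     0'

# Print "shmid owner perms nattch" for the segment whose key is $1.
# Reads `ipcs -m` output on stdin. Keys are compared case-insensitively
# because ipcs prints lowercase hex. Returns non-zero when nothing matches.
find_segment() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        tolower($1) == want { print $2, $3, $4, $6; rc = 0; exit }
        END { exit rc }'
}

# $1 = daemon state ("running" or "stopped"), $2 = nattch.
# Removal is allowed only when the daemon is stopped and nothing is attached.
safe_to_remove() {
    [ "$1" = "stopped" ] && [ "$2" -eq 0 ]
}

cleanup() {
    if pgrep -x pkcsslotd >/dev/null 2>&1; then state=running; else state=stopped; fi
    if ! seg=$(ipcs -m | find_segment "$KEY"); then
        echo "no shared memory segment with key $KEY"; return 0
    fi
    set -- $seg
    echo "shmid=$1 owner=$2 perms=$3 nattch=$4 daemon=$state"
    if safe_to_remove "$state" "$4"; then
        ipcrm -M "$KEY"
    else
        echo "refusing: stop pkcsslotd and let clients detach first" >&2
        return 1
    fi
}

# Touch the system only when called with "run"; otherwise just define functions.
if [ "${1:-}" = "run" ]; then cleanup; fi
```

Invoke the script with the argument `run` to perform the check and removal; without it, only the functions are defined.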
In order to prevent a denial of service against the daemon, the shared memory
segment is created with group ownership by the "pkcs11" group. Any
application that requires access to a pkcs11 token must be run by a user who
is a member of the "pkcs11" group.
SEE ALSO
- opencryptoki(7),
- pkcsconf(1),
- pk_config_data(5),
- pkcs11_startup(1).