-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/25/2014 05:18 PM, Paul Wouters wrote: > On Thu, 25 Sep 2014, Tomas Hozza wrote: > > > I would like to inform everyone about changes I plan to do > > in Fedora 20+ due to Bug 1097752 (Support for native PKCS#11 > > interface - needed by FreeIPA). > > > > Currently there is a bind-pkcs11 package which includes > > couple of utilities needed for working with PKCS#11. > > > > - From the user feedback I got during the past year or so, utilities > > from PKCS#11 didn't work much. I backported the native > > PKCS#11 functionality from Bind 9.10 and plan to add/change > > the following sub-packages: > > Sounds good to me. The only people this would affect are those running > bind with an hsm, and we'd hope they would be on rhel/centos to begin > with. But even if this moves gradually into there, it looks good. Good to hear that. I think Fedora is a great place for people wanting to try it out. I don't expect someone to run it in production enterprise environment on Fedora. > I was hoping bind 9.10+ would be able to do runtime pkcs#11 hsm stuff :/ > without the need for hacking and recompiling. Yeah, I was hoping for the same thing. Unfortunately it is not possible even with BIND 9.10 (which will be in F22). Upstream is opened to patches, but don't have time and interest to do it themselves. - From my point of view the ideal situation would be if BIND could fall back to using OpenSSL if there is no HSM configured (or working). Well, I might look into it in the future, but it is a low priority item for me, too. Unfortunately this adds "yet another" compiled version of named (there is already named-sdb). However the positive thing is that this way it will not change anything for current named users. Thanks for your opinion. Regards, - -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUJDRtAAoJEMWIetUdnzwtU/YIAMwMqdz7p2SUVvDXl46TfAb8 W+kyKxdyYLCyM5Am85bEN70FkLiMMaP1Y1VsGh3IpQr/j67/mX39iZSp8qyMsig0 Z0ooCV1TyupqnYzBzQoHjJE7zMHz/50MNhEkrrBHwel1iXa0As6H2Wiexn/enqQe CkzMnR9fvVNs2kY/htx40MSqSXELegQk0W90XhrvXG7QUx4kcraPAAhJwRjkNezp rrad1Xb19WUDkv2/990bppnkja6lN1I9efKyLDO7jIQ5JVYc4pNK4C6769uP95RO K1WaIEh089XwmVa0JkdiGNRQTId1OtqsSNiKIodsMoBYeoukl85cMi3ldYYoYqk= =N1i5 -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
