SUSE Support

Here When You Need Us

Applying openCryptoki 2.4-0.11.1 Breaks Crypto Group Access

This document (7011884) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2

Situation

Applying the openCryptoki 2.4-0.11.1 patch breaks results in the following error when trying to access the crypto engine:

Error initializing the PKCS11 library: 0x6 (CKR_FUNCTION_FAILED)

Resolution

The issue has been reported to engineering, but the following workaround will remedy the issue:

Workaround
In a terminal logged in as root, browse to the /var/lock folder and change the permissions on the opencryptoki folder form 700 to 770.  This will allow group read/write/execute permissions to the folder, which the group needs for openCryptoki to work.
    1. cd /var/lock

2. chmod 770 opencryptoki

When looking at the long out put file permissions it should look like:

    drwxrwx--- 2 root pkcs11 4096 Nov 14 23:49 opencryptoki/

Cause

When installed openCryptoki 2.4-0.11.1 creates a folder /var/lock/opencryptoki.  Upon creation, the default permissions are set to 700:

    drwx------ 2 root pkcs11 4096 Nov 14 23:49 opencryptoki/

which does not allow group access to the directory for pksc11.  Without group access, root is the only user that can use the crypto engine.

Additional Information

Issue reported to engineering

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011884
  • Creation Date: 05-Mar-2013
  • Modified Date:28-Sep-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.