libpkcs11: Unable to contact kcfd: Bad file number
This started happening after I accidentally disabled and reenabled "cryptosvc". Now sshd is dead, too, and cryptosvc cannot be restarted, I cannot log into the system, and there's a bunch of garbage in /var/adm/messages:
Anyone have any ideas?
May 22 09:59:44 ns4b named[25046]: [ID 866145 daemon.notice] command channel listening on 127.0.0.1#953
May 22 10:00:33 ns4b named[25060]: [ID 866145 daemon.notice] starting BIND 9.3.2 -c /opt/namesurfer/named/namedb/named.conf -u namesurf
May 22 10:00:34 ns4b named[25060]: [ID 866145 daemon.notice] command channel listening on 127.0.0.1#953
May 22 16:03:16 ns4b sshd[25834]: [ID 970222 auth.error] libpkcs11: Unable to contact kcfd: Bad file number
May 22 16:03:16 ns4b sshd[25834]: [ID 523743 auth.error] libpkcs11: /usr/lib/security/pkcs11_softtoken.so unexpected failure in ELF signature verification. System may have been tampered with. Cannot continue parsing /etc/crypto/pkcs11.conf
May 22 16:03:16 ns4b sshd[25834]: [ID 530472 auth.error] Kerberos mechanism library initialization error: unknown error.
[1145 byte] By [wsandersa] at [2007-11-27 5:18:34]

# 3
Thanks for the comments, robert. I'm sure I shot myself in the foot somewhere, and possibly the fault lies with kcfd and not with smf.
I was configuring three hosts, two newly installed with the latest patch levels and one about a year old, at about May 2006 patch level. I performed what I think were identical smf commands on all 3, removing a few packages and disabling a few services I thought I did not need in an attempt to configure all 3 hosts as identically as possible.
This goes back to the question I posted in my thread about disabling RPC - there does not seem to be an easy or documented way to clone a "profile" from one host to another. In fact, the easy way seems to be to physically mirror disks if you can and transport the mirror to the other host (assuming identical hardware.)
On the OpenSolaris forums, they were talking about this two years ago, and they are still talking about it now.
I'm still committed to learning smf, especially since Linux distros are adopting similar frameworks. I've gotten out of the habit of grovelling around in huge XML files, but I guess it's time to do that again.
-w