From: Aki Tuomi Date: Sun, 17 May 2015 15:52:02 +0000 (+0300) Subject: Update documentation to reflect changes X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~28^2~42^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d99e60ee982c6adcd4c4c353cbe39c89a916297;p=thirdparty%2Fpdns.git Update documentation to reflect changes --- diff --git a/docs/manpages/pdns_control.1.md b/docs/manpages/pdns_control.1.md index 1a9803c11c..a785fcfbfe 100644 --- a/docs/manpages/pdns_control.1.md +++ b/docs/manpages/pdns_control.1.md @@ -107,6 +107,9 @@ status : Show usage statistics. This only works if the server is running in guardian mode. +token-login *MODULE* *SLOT* *PIN* +: Log on to a PKCS#11 slot. + uptime : Show the uptime of the running server. diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md index edd967d5fb..cffa434cd0 100644 --- a/docs/markdown/authoritative/dnssec.md +++ b/docs/markdown/authoritative/dnssec.md @@ -315,6 +315,9 @@ For further details, please see [the `pdnssec`](#pdnssec) documentation. **Note**: This feature is experimental, and not ready for production. Use at your own risk! To enable it, compile PowerDNS Authoritative Server using --enable-experimental-pkcs11 flag on configure. This requires you to have p11-kit libraries and headers. +You can also log on to the tokens after starting server, in this case you need to edit your PKCS#11 cryptokey record and remove PIN or set it empty. PIN is required +for assigning keys to zone. + Instructions on how to setup SoftHSM to work with the feature after compilation on ubuntu/debian (tested with Ubuntu 12 and 14). - apt-get install softhsm p11-kit opensc - create directory /etc/pkcs11/modules diff --git a/docs/markdown/authoritative/internals.md b/docs/markdown/authoritative/internals.md index a97b5b9871..708b85f884 100644 --- a/docs/markdown/authoritative/internals.md +++ b/docs/markdown/authoritative/internals.md @@ -56,6 +56,9 @@ Retrieve a slave domain from its master. Done nearly immediately. ## `set VARIABLE VALUE` Set a configuration parameter. Currently only the 'query-logging' parameter can be set. +## `token-login MODULE SLOT PIN` +Logs on to a PKCS#11 slot. You only need to login once per slot, even if you have multiple keys on single slot. + ## `uptime` Reports the uptime of the daemon in human readable form.