The pkcsslotd daemon manages PKCS#11 objects between PKCS#11-enabled applications. When 2 or more processes are accessing the same cryptographic token, the daemon is notified and updates each application when the token's objects change.


Only one instance of the pkcsslotd daemon should be running on any given host. If a prior instance of pkcsslotd did not shut down cleanly, then it may leave an allocated shared memory segment on the system. The allocated memory segment can be identified by its key and can be safely removed once the daemon is stopped with the ipcrm command, such as:

ipcrm -M 0x6202AB38

In order to prevent a denial of service against the daemon, the shared memory segment is created with group ownership by the "pkcs11" group. Any application that requires access to a pkcs11 token must be run by a user who's a member of the "pkcs11" group.

RELATED TO pkcsslotd…