The user pins can be recovered as long as you still know the pin of the
security officer (SO pin).
If you forget the SO pin you are out of luck. You must reset the pins. To
do that delete
the files NVTOK.DAT, MK_USER and MK_SO from /var/lib/opencryptoki/<token>/
where <token> is "lite" for the ica token, "ccatok" for the cca token and
"swtok" for the software token.
Mit freundlichen Grüßen/Best Regards/Cordialement
Dr. Reinhard Bündgen
RAS & Crypto Architect for Linux on System z
Virtualization and Systems Management
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
So I was asked this about pkcsconf. What if we lose our PINs? Can you
find them or clear them?
I don't know! Where are these kept? It's got to be somewhere on the
server itself or does the HW remember which virtual server has what pin? I
can't think of anything in VM that would keep track of them.
This is for Linux under VM - CRYPTO APVIRT in the directory.
This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose, or take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation.