Comment 0 for bug 2018908

After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf file that is installed into /etc/opencryptoki/ has a wrong mode.

After starting pkcsslotrd, command 'pkcsconf -t' shows
     pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
     usr/lib/api/policy.c POLICY: Configuration file /etc/opencryptoki/strength.conf has wrong permissions!

# ls -l /etc/opencryptoki/strength.conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf

So it has a mode of 644, but it must have a mode of 640 ! This is checked by the code, and opencryptoki is not usable if the mode is wrong. The owner "root:pkcs11" is correct.

Circumvention: manually change the mode to 0640. After that 'pkcsconf -t' works.

Note: This affects all architectures where opencryptoki is supported.