Kron PAM's security subsystem needs to know which PKCS#11 library to load and which slot on that library to use. This is communicated through a small configuration file placed in the Kron PAM security directory. The file is read by the SunPKCS11 provider at startup to initialise its connection to the PKCS#11 layer.
Create the following file at the path shown. If the /pam/kron/security/hsm/ directory does not yet exist, create it first.
[pamuser@KronPAM_Instance]# mkdir -p /pam/kron/security/hsm/
[pamuser@KronPAM_Instance]# touch /pam/kron/security/hsm/utimaco.conf
Edit the file and provide the necessary configuration details.
name = Utimaco
library = /usr/lib64/libcs_pkcs11_R3.so
slot = 0
The three parameters serve the following purposes: name is an arbitrary label used in JVM logging and diagnostics; library is the absolute path to the Utimaco PKCS#11 shared library deployed in Step 1; slot is the PKCS#11 slot index on the HSM that contains the AES key.