Diffstat (limited to 'p11p-daemon/README.md')
-rw-r--r-- p11p-daemon/README.md 35
1 files changed, 24 insertions, 11 deletions
diff --git a/p11p-daemon/README.md b/p11p-daemon/README.md
index 31bea54..e822935 100644
--- a/p11p-daemon/README.md
+++ b/p11p-daemon/README.md
@@ -52,15 +52,17 @@ Compile:
## Configuring p11p-daemon
-Edit config/sys.config to define virtual tokens.
+Edit config/sys.config to define virtual tokens and set other
+configuration options.
A PKCS #11 application ("client"), connecting to p11p-daemon performs
PKCS #11 operations on a virtual token. Each virtual token represents
one or more physical cryptographic devices with a PKCS #11 interface
("tokens").
-Each virtual token has a name, FIXME and a list of PKCS #11 modules,
-i.e. shared libraries.
+Each virtual token has a name and a list of PKCS #11 modules,
+i.e. shared libraries. Other configuration settings have resonable
+defaults and are optional.
### vtoken name
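Review bot: typo in the added sentence "Other configuration settings have resonable defaults and are optional": "resonable" should be "reasonable". The same sentence would be more useful if it named the optional settings it refers to (the later sections cover 'failover' and 'balance'), so a reader knows which keys can be left out of config/sys.config.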
@@ -81,6 +83,10 @@ switch will happen. The number of switches that will happen equals
zero retries, a value of two will result in one retry, and so forth. A
value of zero disables the failover functionality.
+The default failover configuration value equals the number of tokens
+listed in 'modules' minus one, resulting in one attempt being made per
+token.
+
TBD: Rename 'failover' to 'retries'?
#### balance
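Review bot: the default stated in the added paragraph ("the number of tokens listed in 'modules' minus one, resulting in one attempt being made per token") looks off by one against the context line just above it. That line says "a value of two will result in one retry", which is two attempts in total, so a value of tokens minus one would give one attempt fewer than the number of tokens. Also, with a single entry in 'modules' the default works out to zero, which the preceding sentence says disables failover; if that is intended, say so. Suggest reconciling the wording or adding a concrete case, for example what happens with three tokens.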
@@ -88,16 +94,21 @@ TBD: Rename 'failover' to 'retries'?
A virtual token will balance client requests over all configured
tokens in accordance with the configuration parameter 'balance'.
-TODO: Update this section.
-... a list of invocation counts. An
-invocation count is an integer specifying how many times a token
-will be invoked before switching to the next token in the list. The first
-integer in the list corresponds to the first token, the second integer
-to the second token, and so on.
+The 'balance' configuration parameter is a list of invocation counts,
+one per token. An invocation count is an integer specifying how many
+times a token will be used before switching to the next token in the
+list of tokens ('modules'). The first integer in the list corresponds
+to the first token, the second integer to the second token, and so on.
+
+An invocation count of 0 disables load balancing for a given token,
+meaning that once it has been chosen, it will stick.
-The default invocation count is one per token.
-TBD: Make it 10 or something?
+Note that there is no load balancing happening within one client
+session with the p11p-daemon. The invocation count is affected only
+when a client choses a token, which happens at client connect.
+The default invocation count is 0 for all tokens, effectively
+disabling load balancing.
### modules
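Review bot: in the rewritten definition, "how many times a token will be used before switching" does not say what counts as a use, and the answer only appears two paragraphs later ("The invocation count is affected only when a client choses a token, which happens at client connect"). Suggest defining the count in terms of client connects up front, so it is not read as a count of PKCS #11 calls. "choses" should be "chooses". Since the default is now 0 for all tokens and 0 means a chosen token "will stick", it would also help to state which token is chosen first.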
@@ -107,6 +118,8 @@ Each entry in this list has a name, a path to the shared library to
load and, optionally, an environment to run it in. The environment can
be used to pass configuration to the module.
+TBD: rename to 'tokens'?
+
## Running p11p-daemon
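Review bot: the added "TBD: rename to 'tokens'?" sits in user-facing documentation without saying what "it" is or why. The context lines describe each entry as a shared library to load with an optional environment, and the README elsewhere uses "tokens" for the physical devices, so the rename would blur that distinction. Suggest either resolving the question before merging or wording it as "TBD: rename 'modules' to 'tokens'?" to match the existing "TBD: Rename 'failover' to 'retries'?" line.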