Add helpful hints to the ARM about generating pin files for HSMs when using BIND build with --enable-native-pkcs11
It may not be true of all HSM providers and their PKCS#11 lib, but in at least one instance we've encountered, how you generate the pin file is very significant - having a trailing newline or similar will make the difference between the pin being accepted or the authentication failing.
Examples of how to generate an HSM pin file without a newline:
$ echo -n 1234 > hsmpin
or
$ printf 1234 > hsmpin
Easily verified as being clean of any additional characters using wc:
$ wc -l < hsmpin
0
or
$ wc < hsmpin
0 1 4
(The wc order of output always takes the form of line, word,byte, and file name.)
For comparison, this is a pin file that was not accepted by an HSM because 'echo' without -n adds the newline by default in this particular test environment:
$ echo 1234 > hsmpin
$ wc -l < hsmpin
1
$ wc < hsmpin
1 1 5
(From Support ticket #14117 )