The pkcsslotd daemon manages PKCS#11 objects between PKCS#11-enabled applications. When 2 or more processes are accessing the same cryptographic token, the daemon is notified and updates each application when the token's objects change.
Only one instance of the pkcsslotd daemon should be running on any given host. If a prior instance of pkcsslotd did not shut down cleanly, then it may leave an allocated shared memory segment on the system. The allocated memory segment can be identified by its key and can be safely removed once the daemon is stopped with the ipcrm command, such as:
ipcrm -M 0x6202AB38
The daemon creates the shared memory segment with group ownership by the pkcs11 group. All non-root users that should be able to use openCryptoki need to be members of the group. Only trusted users should be assigned to the group, see the "SECURITY NOTE" in the opencryptoki(7) manual page for details.
opencryptoki(7), opencryptoki.conf(5), pkcsconf(1), pkcsicsf(1), pkcstok_migrate(1).