Bug 209517

Summary: NSS could provide a function to get token specific identifier
Product: [Fedora] Fedora Reporter: Ray Strode [halfline] <rstrode>
Component: nssAssignee: Bob Relyea <rrelyea>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: rrelyea
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-03 16:37:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ray Strode [halfline] 2006-10-05 18:52:13 UTC 
As part of the smart card login efforts, we need a way to uniquely identify
tokens.  We currently look at the login token name and say that it's not a
supported configuration to have more than one token with the same name.

Ideally, NSS would provide a GetTokenUUID() function or similiar that is always
unique the token.  Maybe this function could be the concatentation (or hash?) of
the token's serial number and label.

The serial number of the token isn't suffient on it's own, because apparently, a
fair number of tokens on the market don't give unique serial numbers from token
to token.
Comment 1 Kai Engert (:kaie) (inactive account) 2006-10-06 22:20:11 UTC 
Reassigning to Bob, who is working on NSS features.
I wonder if this should rather be tracked in bugzilla.mozilla.org component NSS
as an enhancement request.
Comment 2 Fedora Admin XMLRPC Client 2010-09-07 20:44:09 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Bob Relyea 2021-11-03 16:37:11 UTC 
I believe this is solved with pk11uri support. If there isn't enough information to uniquely identify a token, then we need to go back to OASIS PKCS#11.