Bug 2141356
| Summary: | p11-kit and certutil token interference | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rob Crittenden <rcritten> |
| Component: | nss | Assignee: | Bob Relyea <rrelyea> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 35 | CC: | crypto-team, elio.maldonado.batiz, kai-engert-fedora, rrelyea |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-09 16:57:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rob Crittenden
2022-11-09 14:58:15 UTC
Ithe proxy server is always configured when installed. If you don't want a token to be installed globally, you need to install it with modutil in just the databases you want to use it with. So our step 1) is a global step. If you instead installed it with modutil in your first database, everything will work as you expected. (Work around hack note: If you really did want the module installed globally, but you want to do some little thing on the side, you can disable all global operations by setting: export NSS_IGNORE_SYSTEM_POLICY=1. NOTE: this also turns off system policy as well, so it's not really a solution if you are wanting to run multiple servers where one server is not using the HSM, but it's probably OK for a setup script). |