|Summary:||Admin Server problem with mod_nss and NSS 3.12 on F9|
|Product:||[Retired] 389||Reporter:||Rich Megginson <rmeggins>|
|Component:||Admin||Assignee:||Rich Megginson <rmeggins>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Chandrasekar Kannan <ckannan>|
|Version:||1.1.1||CC:||benl, jgalipea, nkinder|
|Fixed In Version:||8.1||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2009-04-29 23:06:22 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||249650, 452721|
Description Rich Megginson 2008-09-03 15:07:26 UTC
The initialization order for NSS has changed with 3.12, introduced in Fedora 9. mod_nss has changed to accommodate this, but this has broken the admin server. The admin server needs to do NSS initialization like mod_nss does it.
Comment 2 Rich Megginson 2008-09-03 18:40:07 UTC
Checking in mod_admserv/mod_admserv.c; /cvs/dirsec/mod_admserv/mod_admserv.c,v <-- mod_admserv.c new revision: 1.34; previous revision: 1.33 done Reviewed by: nkinder (Thanks!) Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so. NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process. Apache provides a hook to do this. I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it. Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect". With the patch, everything works fine. Platforms tested: Fedora 9 Flag Day: no Doc impact: no
Comment 3 Jenny Severance 2009-03-30 20:43:37 UTC
Is this bug valid for RH DS?
Comment 4 Rich Megginson 2009-03-30 20:53:15 UTC
Yes, because we use NSS 3.12 on all platforms now.
Comment 5 Jenny Severance 2009-04-15 19:07:00 UTC
okay - what kind of "strange errors" should I looke for if the Admin Server is started with SSL setup? :-)
Comment 6 Rich Megginson 2009-04-15 19:16:46 UTC
If admin server starts up and works with SSL enabled, then all is well.
Comment 7 Jenny Severance 2009-04-15 19:19:32 UTC
okay - I have already done this with RHEL 4 today verifying bug 465822 - Verified.
Comment 8 Chandrasekar Kannan 2009-04-29 23:06:22 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html