Bug 616552

Summary: Mozilla NSS - delay token auth until needed
Product: [Fedora] Fedora Reporter: Rich Megginson <rmeggins>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: jvcelak, jzeleny, rmeggins, tsmetana
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 616558 (view as bug list) Environment:
Last Closed: 2010-07-22 08:25:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 616558    
Attachments:
Description Flags
openldap-2.4.22-initauthtoken.patch none

Description Rich Megginson 2010-07-20 19:05:22 UTC 
Created attachment 433242 [details]
openldap-2.4.22-initauthtoken.patch

Description of problem:

The code was doing all of the authentications to all of the tokens during the
init phase.  This was causing problems with NSS cert/key clients, prompting for
the cert/key db password, when it isn't needed, since it is only needed to get
private key information.  The patch is to just remove the token authentication
during init.  The code already authenticates to the token when private key
information is needed e.g. running in TLS/SSL server mode, or using client cert
auth.

This patch has been submitted upstream - http://www.openldap.org/its/index.cgi/Incoming?id=6595 ITS 6595
Comment 1 Rich Megginson 2010-07-21 21:40:35 UTC 
This patch has been committed upstream
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6595;selectid=6595
Comment 2 Jan Vcelak 2010-07-22 08:09:51 UTC 
Thank you Rich. Applied.
Comment 3 Jan Vcelak 2010-07-22 08:25:11 UTC 
openldap-2.4.22-7.fc14