Bug 616552 - Mozilla NSS - delay token auth until needed
Summary: Mozilla NSS - delay token auth until needed
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jan Vcelak
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 616558
TreeView+ depends on / blocked
Reported: 2010-07-20 19:05 UTC by Rich Megginson
Modified: 2013-03-04 01:27 UTC (History)
4 users (show)

Clone Of:
: 616558 (view as bug list)
Last Closed: 2010-07-22 08:25:11 UTC

Attachments (Terms of Use)
openldap-2.4.22-initauthtoken.patch (1.36 KB, patch)
2010-07-20 19:05 UTC, Rich Megginson
no flags Details | Diff

Description Rich Megginson 2010-07-20 19:05:22 UTC
Created attachment 433242 [details]

Description of problem:

The code was doing all of the authentications to all of the tokens during the
init phase.  This was causing problems with NSS cert/key clients, prompting for
the cert/key db password, when it isn't needed, since it is only needed to get
private key information.  The patch is to just remove the token authentication
during init.  The code already authenticates to the token when private key
information is needed e.g. running in TLS/SSL server mode, or using client cert

This patch has been submitted upstream - http://www.openldap.org/its/index.cgi/Incoming?id=6595 ITS 6595

Comment 1 Rich Megginson 2010-07-21 21:40:35 UTC
This patch has been committed upstream

Comment 2 Jan Vcelak 2010-07-22 08:09:51 UTC
Thank you Rich. Applied.

Comment 3 Jan Vcelak 2010-07-22 08:25:11 UTC

Note You need to log in before you can comment on or make changes to this bug.