Bug 616552 - Mozilla NSS - delay token auth until needed
Summary: Mozilla NSS - delay token auth until needed
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jan Vcelak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 616558
TreeView+ depends on / blocked
 
Reported: 2010-07-20 19:05 UTC by Rich Megginson
Modified: 2013-03-04 01:27 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 616558 (view as bug list)
Environment:
Last Closed: 2010-07-22 08:25:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
openldap-2.4.22-initauthtoken.patch (1.36 KB, patch)
2010-07-20 19:05 UTC, Rich Megginson
no flags Details | Diff

Description Rich Megginson 2010-07-20 19:05:22 UTC
Created attachment 433242 [details]
openldap-2.4.22-initauthtoken.patch

Description of problem:

The code was doing all of the authentications to all of the tokens during the
init phase.  This was causing problems with NSS cert/key clients, prompting for
the cert/key db password, when it isn't needed, since it is only needed to get
private key information.  The patch is to just remove the token authentication
during init.  The code already authenticates to the token when private key
information is needed e.g. running in TLS/SSL server mode, or using client cert
auth.

This patch has been submitted upstream - http://www.openldap.org/its/index.cgi/Incoming?id=6595 ITS 6595

Comment 1 Rich Megginson 2010-07-21 21:40:35 UTC
This patch has been committed upstream
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6595;selectid=6595

Comment 2 Jan Vcelak 2010-07-22 08:09:51 UTC
Thank you Rich. Applied.

Comment 3 Jan Vcelak 2010-07-22 08:25:11 UTC
openldap-2.4.22-7.fc14


Note You need to log in before you can comment on or make changes to this bug.