Bug 616552 - Mozilla NSS - delay token auth until needed
Mozilla NSS - delay token auth until needed
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Jan Vcelak
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 616558
  Show dependency treegraph
 
Reported: 2010-07-20 15:05 EDT by Rich Megginson
Modified: 2013-03-03 20:27 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 616558 (view as bug list)
Environment:
Last Closed: 2010-07-22 04:25:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
openldap-2.4.22-initauthtoken.patch (1.36 KB, patch)
2010-07-20 15:05 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2010-07-20 15:05:22 EDT
Created attachment 433242 [details]
openldap-2.4.22-initauthtoken.patch

Description of problem:

The code was doing all of the authentications to all of the tokens during the
init phase.  This was causing problems with NSS cert/key clients, prompting for
the cert/key db password, when it isn't needed, since it is only needed to get
private key information.  The patch is to just remove the token authentication
during init.  The code already authenticates to the token when private key
information is needed e.g. running in TLS/SSL server mode, or using client cert
auth.

This patch has been submitted upstream - http://www.openldap.org/its/index.cgi/Incoming?id=6595 ITS 6595
Comment 1 Rich Megginson 2010-07-21 17:40:35 EDT
This patch has been committed upstream
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6595;selectid=6595
Comment 2 Jan Vcelak 2010-07-22 04:09:51 EDT
Thank you Rich. Applied.
Comment 3 Jan Vcelak 2010-07-22 04:25:11 EDT
openldap-2.4.22-7.fc14

Note You need to log in before you can comment on or make changes to this bug.