Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 616552 - Mozilla NSS - delay token auth until needed
Mozilla NSS - delay token auth until needed
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Jan Vcelak
Fedora Extras Quality Assurance
Depends On:
Blocks: 616558
  Show dependency treegraph
Reported: 2010-07-20 15:05 EDT by Rich Megginson
Modified: 2013-03-03 20:27 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 616558 (view as bug list)
Last Closed: 2010-07-22 04:25:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
openldap-2.4.22-initauthtoken.patch (1.36 KB, patch)
2010-07-20 15:05 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2010-07-20 15:05:22 EDT
Created attachment 433242 [details]

Description of problem:

The code was doing all of the authentications to all of the tokens during the
init phase.  This was causing problems with NSS cert/key clients, prompting for
the cert/key db password, when it isn't needed, since it is only needed to get
private key information.  The patch is to just remove the token authentication
during init.  The code already authenticates to the token when private key
information is needed e.g. running in TLS/SSL server mode, or using client cert

This patch has been submitted upstream - http://www.openldap.org/its/index.cgi/Incoming?id=6595 ITS 6595
Comment 1 Rich Megginson 2010-07-21 17:40:35 EDT
This patch has been committed upstream
Comment 2 Jan Vcelak 2010-07-22 04:09:51 EDT
Thank you Rich. Applied.
Comment 3 Jan Vcelak 2010-07-22 04:25:11 EDT

Note You need to log in before you can comment on or make changes to this bug.