Re: (ITS#6595) Patch - Mozilla NSS - delay token auth until needed

[hyc@symas.com]

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.23
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-initauthtoken.patch
> Submission from: (NULL) (76.113.111.209)
>
>
> The code was doing all of the authentications to all of the tokens during the
> init phase.  This was causing problems with NSS cert/key clients, prompting for
> the cert/key db password, when it isn't needed, since it is only needed to get
> private key information.  The patch is to just remove the token authentication
> during init.  The code already authenticates to the token when private key
> information is needed e.g. running in TLS/SSL server mode, or using client cert
> auth.
>
> This patch file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>
>
Committed to HEAD.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/