[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6595) Patch - Mozilla NSS - delay token auth until needed
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6595) Patch - Mozilla NSS - delay token auth until needed
- From: hyc@symas.com
- Date: Wed, 21 Jul 2010 21:13:22 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.23
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-initauthtoken.patch
> Submission from: (NULL) (76.113.111.209)
>
>
> The code was doing all of the authentications to all of the tokens during the
> init phase. This was causing problems with NSS cert/key clients, prompting for
> the cert/key db password, when it isn't needed, since it is only needed to get
> private key information. The patch is to just remove the token authentication
> during init. The code already authenticates to the token when private key
> information is needed e.g. running in TLS/SSL server mode, or using client cert
> auth.
>
> This patch file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>
>
Committed to HEAD.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/