NSS for PKINIT, in-progress patches available, feedback sought

Greg Hudson ghudson at MIT.EDU
Mon Oct 10 18:33:31 EDT 2011

On 10/10/2011 05:34 PM, Nalin Dahyabhai wrote:
> Hmm, I should have remembered and noted that.  It's being tracked
> upstream at https://bugzilla.mozilla.org/show_bug.cgi?id=402712, but
> it's taking a while.

I see that there was some initial resistance, but there's motivation
from a few parties to get this in.  So eventually this should resolve,

> The Fedora packaging puts the module in $libdir along with the soft
> token (libsoftokn3) and the built-in roots (libnssckbi), so I'd expect
> (well, hope for, more like) libnsspem to land there as well.  

I'm actually not sure where SECMOD_LoadUserModule looks for relative
paths.  If it looks in the NSS library directory than there's no
problem.  If it only looks at the runtime linker path ($LD_LIBRARY_PATH
or /usr/lib) then that's unfortunate if NSS and krb5 are built into
non-default locations.  This is not a problem for OS distributors, of

>> 4. The name libnsspem.so is ELF-specific.
> I've added an attempt at guessing [...]

I think you want to call PR_GetLibraryName(NULL, "nsspem") to get the
appropriate module spec string.

More information about the krbdev mailing list