NSS for PKINIT, in-progress patches available, feedback sought
Greg Hudson
ghudson at MIT.EDU
Mon Oct 10 18:33:31 EDT 2011
On 10/10/2011 05:34 PM, Nalin Dahyabhai wrote:
> Hmm, I should have remembered and noted that. It's being tracked
> upstream at https://bugzilla.mozilla.org/show_bug.cgi?id=402712, but
> it's taking a while.
I see that there was some initial resistance, but there's motivation
from a few parties to get this in. So eventually this should resolve,
hopefully.
> The Fedora packaging puts the module in $libdir along with the soft
> token (libsoftokn3) and the built-in roots (libnssckbi), so I'd expect
> (well, hope for, more like) libnsspem to land there as well.
I'm actually not sure where SECMOD_LoadUserModule looks for relative
paths. If it looks in the NSS library directory than there's no
problem. If it only looks at the runtime linker path ($LD_LIBRARY_PATH
or /usr/lib) then that's unfortunate if NSS and krb5 are built into
non-default locations. This is not a problem for OS distributors, of
course.
>> 4. The name libnsspem.so is ELF-specific.
>
> I've added an attempt at guessing [...]
I think you want to call PR_GetLibraryName(NULL, "nsspem") to get the
appropriate module spec string.
More information about the krbdev
mailing list