On 12/08/2014 05:05 AM, David Woodhouse wrote:
On Mon, 2014-12-08 at 10:15 +0000, Martinsson Patrik wrote:So, to summarize, $> sudo update-alternatives --install /usr/lib64/libnssckbi.so libnssckbi.so.x86_64 /usr/lib64/p11-kit-proxy.so 1000$> cat /etc/pki/nssdb/pkcs11.txt library=/usr/lib64/p11-kit-proxy.so name=p11-kit-proxy NSS=trustOrder=100You shouldn't need that bit. It was only pam_pkcs11 which wasn't loading the smartcard modules via the nssdb, and it wants to load OpenSC *explicitly* anyway. And besides, *nothing* should be using /etc/pki/nssdb since we can ditch the Shared System Database nonsense. Just let use pam_pkcs11 use its default /etc/pam_pkcs11/nssdb instead.
Nothing in the above paragraph is true. openning1)sql:/etc/pki/nssdb is *STILL* the recommended action for applications (whether or not nssysinit is installed), and 2) what ever the recommendation, pam_pkcs11 still used /etc/pki/nssdb (by default, always), not /etc/pams_pkcs11/nssdb. (It never has used).
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
