On 18/06/07, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
> Sounds like you should have two versions, an OpenSSL based version,
> and an NSS based version at least until the issues are addressed.
>
> Not only will the pam_pkcs11 be calling NSS or OpenSSL, other pam modules in
> the pam stack or even the application may be using OpenSSL.  For example,
> one may want to use GDM or OpenSSH calling PAM. The Pam stack may use ldap
> with SASL and TLS and Kerberos with PKINIT calling OpenSC with OpenSSL.
> Right now OpenSSL is the de facto shared library. Introducing NSS as well
> into the pam stack may have some unexpected side effects. So keeping a
> pam_pkcs11_openssl version might be prudent.

By default (at ./configure time) OpenSSL is used. So unless you
explicitly want to use NSS, pam_pkcs11 will continue using OpenSSL. I
don't think that is a problem for old users.

Instead of forking pam_pkcs11 into two versions (NSS vs OpenSSL) I think
it is better to keep the effort on the common code. I know the
situation is not perfect and pam_pkcs11 could be improved. But we do
not have the manpower to correctly maintain one version, so maintaining
two "competing" versions will not solve the manpower issue.

Submitting patches is the best way to improve pam_pkcs11.

Regards,

-- 
  Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
