Le 03/03/17 à 05:13, Mike Hommey a écrit :
On Wed, Mar 01, 2017 at 05:14:45PM +0100, Laurent Bigonville wrote:
On Fri, 08 Apr 2016 14:56:09 +0200 Laurent Bigonville <bi...@debian.org>
wrote:
Hi,
Please find a patch (split from the patch previously proposed in bug
#537866) attached to this mail that install the libnsssysinit module and
add the setup-nsssysinit script coming from Fedora[0] to allow sysadmin
to easily enable/disable this module on the machine.
This would be a 1st step to fix #798455 and #537866 could you please
merge this patch independently from the rest.
Cheers,
Laurent Bigonville
[0]
http://pkgs.fedoraproject.org/cgit/rpms/nss.git/plain/setup-nsssysinit.sh
Any remarks on this patch?
I think we discussed this in the past, and that p11kit seems a better
way forward.
Yes the integration of p11-kit seems to be the way forward, fedora is
planning(?) to do that.
But if I understand properly the purpose of this module, it allows the
certificates/keys/... stored in the user NSS DB to be loaded
transparently by an application that is only looking at the system one.
I don't think that p11-kit trust module is allowing to do that, or do I
miss something?
