Neil wrote: > This is probably PSM again, Yes.
> but I hope someone here can answer it, or point me somewhere. > We have a both menuitem and a dialog that logs you out of the SDR, so > that you need to reenter your Master Password to gain access to your > stored certificates and other encrypted material, such as the login > manager's password store. > > This works fine when you actually have a Master Password. However when > you do not have a Master Password then it does not seem possible to log > in again. > > Is this a case of: > a) sdr.logoutAndTeardown(); is the wrong API to log out > b) we're using the wrong API to log in when there is no password > c) there's a bug in PSM and/or NSS? or possibly d) should we not be logging the user out when the user has no way to log back in? (That's my guess) Those are exactly the right questions. It will probably take a combination of a PSM developer (e.g., Kai, Honza) and an NSS developer (e.g., Bob Relyea) to answer them. I'd expect them to ask some additional questions first, such as: a) Is this a new problem? Or a problem of long standing? If it's a new problem, when did it begin? Did it begin with the adoption of some new version of NSS? b) Does this problem only occur with DBs that have been upgraded from older versions of the browser to a newer version (e.g. from SM N-1 to SM N) or does it also occur in brand new profiles created from scratch with the latest SM? > Thanks, > Neil. I'll add these thoughts. I don't know of any way to "log in" to a token that has no password. IINM, such a token just "comes up" in a state that is similar to being already logged in. It's not surprising to me that forcefully logging it out leaves it in a state where it cannot log in again without being restarted. Maybe the solution is to make it so that it cannot be logged out, since it is not truly logged in. That could be done in NSS or in PSM or in the browser outside of PSM (I think). I hope Bob will add some comments to this thread. I wish we had a PSM developer active in this group/list, but alas... -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
