Re: OpenLDAP and NSS

2008-08-14 Thread Robert Relyea
Julien R Pierre - Sun Microsystems wrote: Michael, Michael Ströder wrote: Wan-Teh Chang wrote: Most NSS-based server applications open the NSS databases in read-only mode, so they can run with multiple processes safely. But client applications such as Firefox and Thunderbird open the

Re: OpenLDAP and NSS

2008-08-13 Thread Howard Chu
Rich Megginson wrote: > Howard Chu wrote: >> At any rate, I've committed the preliminary code to CVS so you can >> tinker with it if you want. It will take a lot more beating on before >> it's actually usable. > Some Red Hat folks have been working on adding NSS support to OpenLDAP. >It's almo

Re: OpenLDAP and NSS

2008-08-13 Thread Howard Chu
Julien R Pierre - Sun Microsystems wrote: > Michael, > > Michael Ströder wrote: >> Wan-Teh Chang wrote: >>> Most NSS-based server applications open the NSS databases in >>> read-only mode, so they can run with multiple processes safely. But >>> client applications such as Firefox and Thunderbird o

Re: OpenLDAP and NSS

2008-08-13 Thread Julien R Pierre - Sun Microsystems
Michael, Michael Ströder wrote: > Wan-Teh Chang wrote: >> Most NSS-based server applications open the NSS databases in >> read-only mode, so they can run with multiple processes safely. But >> client applications such as Firefox and Thunderbird open the NSS >> databases in read-write mode. > > A

Re: OpenLDAP and NSS

2008-08-13 Thread Michael Ströder
Wan-Teh Chang wrote: > Most NSS-based server applications open the NSS databases in > read-only mode, so they can run with multiple processes safely. But > client applications such as Firefox and Thunderbird open the NSS > databases in read-write mode. According to what Nelson said, cmsutil also

Re: OpenLDAP and NSS

2008-08-13 Thread Wan-Teh Chang
On Wed, Aug 13, 2008 at 8:01 AM, Howard Chu <[EMAIL PROTECTED]> wrote: > Michael Ströder wrote: >> Well, the situation of stuffing everything in a directory/file with >> PEM-formatted certs is not better. And every software can have its own >> cert?.db. > > At least filesystems are known to safely

Re: OpenLDAP and NSS

2008-08-13 Thread Rich Megginson
Howard Chu wrote: > Michael Ströder wrote: >> I'd really appreciate if the OpenLDAP client libs could make use of >> client certs I have in my Mozilla profile. > > Don't be so sure; it's not as good as it sounds... Without the new > shared DB support in NSS, this would very likely corrupt your ce

Re: OpenLDAP and NSS

2008-08-13 Thread Michael Ströder
Howard Chu wrote: > Michael Ströder wrote: >> I'd really appreciate if the OpenLDAP client libs could make use of >> client certs I have in my Mozilla profile. > > Don't be so sure; it's not as good as it sounds... Without the new > shared DB support in NSS, this would very likely corrupt your ce