NSS Shared DB And LINUX: Difference between revisions

Line 53: Line 53:
User applications should open NSS using a shared database stored in ~/.pki/nssdb in the user's home directory. If the application needs to store new certificates (like a web browser), then it should open this database read/write. User's local preferences would be stored in this database. Changes the application wants to make will occur in this database. Any user specified tokens would also be stored in this database.
User applications should open NSS using a shared database stored in ~/.pki/nssdb in the user's home directory. If the application needs to store new certificates (like a web browser), then it should open this database read/write. User's local preferences would be stored in this database. Changes the application wants to make will occur in this database. Any user specified tokens would also be stored in this database.


In addition, the application should own the system database /etc/pki/nssdb. This database should be opened read only. The user will typically not have permission to modify this database. This database will provide system level defaults for tokens to load and root certs to trust. This gives us hooks form things like IPA to manage and distribute trusted root certs system wide.
In addition, the application should open the system database /etc/pki/nssdb. This database should be opened read only. The user will typically not have permission to modify this database. This database will provide system level defaults for tokens to load and root certs to trust. This gives us hooks form things like IPA to manage and distribute trusted root certs system wide.


[I'm almost certain there's a typo there - how can every application *own* the system database? Don't you mean *open*?]
[I'm almost certain there's a typo there - how can every application *own* the system database? Don't you mean *open*? - bob: you are correct, changed.]


== Type 2 packages: Services applications ==
== Type 2 packages: Services applications ==
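Review bot: The revised /etc/pki/nssdb paragraph still reads "This gives us hooks form things like IPA", where "for" looks intended; fix that in the same edit as the "own" to "open" correction. The bracketed question, now with "bob: you are correct, changed." appended, is left inline in the article body. Since the wording has been corrected, that exchange no longer describes the text and should be removed or moved to the discussion page, so the guidance (user database ~/.pki/nssdb opened read/write, system database /etc/pki/nssdb opened read only) reads cleanly.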