From 9ea75b5ccc838b41edf157682854f9cd4b88b3e5 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 24 Apr 2011 16:32:12 +0200
Subject: Warn that some crypto features are implemented in NSS only

---
 BUILD.txt    | 7 +++++++
 configure.ac | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/BUILD.txt b/BUILD.txt
index 8dd369447..5e269c52b 100644
--- a/BUILD.txt
+++ b/BUILD.txt
@@ -33,6 +33,13 @@ ding-libs are available in Fedora 14 and later version:
 yum install  libcollection-devel  libdhash-devel  libini_config-devel \
      libpath_utils-devel  libref_array-devel
 
+Some features, notably password caching, require the presence of a crypto
+library. The default, tested by SSSD upstream, is Mozilla NSS. An alternative
+crypto library can be selected during configure time using the --with-crypto
+switch. Please note that alternative crypto back ends may not provide all
+features -  as of this writing, password obfuscation is only supported with the
+NSS back end.
+
 How to build:
 ~~~~~~~~~~~~~
 From the root of the source, run:
diff --git a/configure.ac b/configure.ac
index f88846648..d71578ddb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -181,6 +181,8 @@ if test x$cryptolib = xnss; then
 fi
 if test x$cryptolib = xlibcrypto; then
     AM_CHECK_LIBCRYPTO
+    AC_MSG_WARN([libcrypto back end does not implement all the crypto features, \
+notably password obfuscation. Using the NSS backend is recommended.])
 fi
 
 AC_CHECK_HEADERS([sys/inotify.h])
-- 
cgit