Resolves: bug 439829

Bug Description: simple password auth fails using NSS 3.11.99 or later
Reviewed by: nkinder (Thanks!)
Fix Description: The new softokn in NSS 3.11.99 and later requires that
the server calls NSS_Init() after forking, but before detaching from the
controlling terminal.  In fact, this was always a requirement, but the
softokn in older NSS allow it.  However, it's possible that some
hardware crypto devices do not allow this and may not work with older
directory servers.  The fix is to move the nss/ssl initialization so
that it can be called at the right point, or from other points in cases
where the server does not fork (e.g. db2ldif).
Platforms tested: Fedora 9 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no

1 files changed, 5 insertions, 2 deletions

diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index b27b74b4..f3f7131f 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -483,7 +483,8 @@ void do_delete( Slapi_PBlock *pb );
 /*
  * detach.c
  */
-void detach( void );
+void detach( int slapd_exemode, int importexport_encrypt,
+             int s_port, daemon_ports_t *ports_info );
 #ifndef _WIN32
 void close_all_files( void );
 #endif
@@ -879,7 +880,6 @@ int slapd_security_library_is_initialized();
 int slapd_ssl_listener_is_initialized();
 int sasl_io_cleanup(Connection *c);
 
-
 /*
  * security_wrappers.c
  */
@@ -1277,4 +1277,7 @@ void *slapd_service_exit_wait();
 #if ( defined( hpux ) || defined( irix ))
 void signal2sigaction( int s, void *a );
 #endif
+int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
+                              int s_port, daemon_ports_t *ports_info);
+
 #endif /* _PROTO_SLAP */