Changes

NSS

818 bytes added, 18:59, 8 August 2005
NSS Specific Parameters in Module Specs
'''AES''' - This token should be used for all AES operations which are not constrained by an existing key in another token.
'''RANDOM''' - This token should be used to generate random numbers when the application calls 'PK11_GenerateRandom'.
'''PublicCerts''' - The certificates on this token can be read without authenticating to this token, and any user certs on this token have a matching public key which is also readable without authenticating. Setting this flag means NSS will not try to authenticate to the token when searching for certificates. This removes spurious password prompts, but if incorrectly set it can also cause NSS to miss certificates in a token until that token is explicitly logged in.
'''rootFlags''' - comma-separated list of flags describing any root certs that may be stored (case-insensitive).
Valid flags are:
:'''hasRootCerts''' - claims that this token has the default root certs and trust values. At init time, NSS will try to look for a default root cert device if one has not already been loaded.
:'''hasRootTrust''' - parsed but ignored.
'''timeout''' - time in minutes before the current authentication should be rechecked. This value is only used if askpw is set to 'timeout'. (default = 0).
'''askpw''' - case-insensitive flag describing how password prompts should be managed. Only one of the following can be specified:
:'''every''' - prompt whenever a private key on this token needs to be accessed (this applies to the entire token, not on a key-by-key basis).
:'''timeout''' - prompt whenever the last explicit login was longer than 'timeout' minutes ago.
:'''only''' - authenticate to the token only when necessary (default).
Sample file:
<pre>
library= name="Netscape Internal Crypto Module" parameters="configdir=/u/relyea/.netscape certprefix= secmod=secmod.db" NSS="Flags=internal,pkcs11module TrustOrder=1 CipherOrder=-1 ciphers= slotParams={0x1=[slotFlags='RSA,DSA,DH,RC4,RC2,DES,MD2,MD5,SHA1,SSL,TLS,PublicCerts,Random'] 0x2=[slotFlags='RSA' timeout=50 askpw=only]}"
library=dkck32.dll name="DataKey SignaSURE 3600" NSS="TrustOrder=50 ciphers= "
library=swft32.dll name="Netscape Software Fortezza" parameters="keyfile=/u/relyea/keyfile" NSS="TrustOrder=50 ciphers=FORTEZZA slotParams=0x1=[slotFlags='FORTEZZA']"
</pre>
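The following added example (not part of the original page, and not NSS's own parsing code) audits the per-slot parameters of a module spec line against the rules described above: it reports slots that set PublicCerts and slots whose timeout is ignored because askpw is not 'timeout'. The name=value parser is a simplified assumption about the quoting used in the sample file, and the function names parse_pairs and audit_slots are hypothetical.

```python
# SAMPLE is the first entry of the sample file above, embedded so this runs offline.
SAMPLE = ('library= name="Netscape Internal Crypto Module" '
          'parameters="configdir=/u/relyea/.netscape certprefix= secmod=secmod.db" '
          'NSS="Flags=internal,pkcs11module TrustOrder=1 CipherOrder=-1 ciphers= '
          "slotParams={0x1=[slotFlags='RSA,DSA,DH,RC4,RC2,DES,MD2,MD5,SHA1,SSL,TLS,PublicCerts,Random'] "
          '0x2=[slotFlags=\'RSA\' timeout=50 askpw=only]}"')
CLOSERS = {'"': '"', "'": "'", "{": "}", "[": "]", "(": ")"}

def parse_pairs(text):
    """Split 'name=value name=value' into a dict. A value may be wrapped in
    quotes or brackets; otherwise it ends at the next whitespace (may be empty)."""
    pairs, i, n = {}, 0, len(text)
    while i < n:
        if text[i].isspace():
            i += 1
            continue
        eq = text.find("=", i)
        if eq < 0:
            break
        name, i = text[i:eq], eq + 1
        if i < n and text[i] in CLOSERS:
            end = text.find(CLOSERS[text[i]], i + 1)
            end = n if end < 0 else end          # tolerate a missing closer
            value, i = text[i + 1:end], end + 1
        else:
            end = i
            while end < n and not text[end].isspace():
                end += 1
            value, i = text[i:end], end
        pairs[name.strip().lower()] = value      # names compared case-insensitively
    return pairs

def audit_slots(spec_line):
    """Return {slot_id: [findings]} for the slotParams of one module spec line."""
    nss = parse_pairs(parse_pairs(spec_line).get("nss", ""))
    report = {}
    for slot, body in parse_pairs(nss.get("slotparams", "")).items():
        p = parse_pairs(body)
        flags = {f.strip().lower() for f in p.get("slotflags", "").split(",") if f.strip()}
        askpw = p.get("askpw", "only").lower()   # 'only' is the documented default
        timeout = int(p.get("timeout") or 0)     # documented default = 0
        notes = []
        if "publiccerts" in flags:
            notes.append("PublicCerts: certificate search will not authenticate to this token")
        if askpw not in ("every", "timeout", "only"):
            notes.append("unknown askpw value: " + askpw)
        if timeout and askpw != "timeout":
            notes.append("timeout=%d is unused because askpw=%s" % (timeout, askpw))
        report[slot] = notes
    return report
```

Calling audit_slots(SAMPLE) flags slot 0x1 for PublicCerts and slot 0x2 for a timeout of 50 that has no effect while askpw is 'only'.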