Given the fact that FreeIPA no longer uses python-nss and libcurl is moving away from NSS to OpenSSL, it makes sense to remove NSS from ipaclient. Once libxmlrpc_client uses an OpenSSL based libcurl, the password hashing code in ipa_pwd.c is the only dependency that pulls in NSS for client libs.
Reimplement the hashing code with OpenSSL
Refactor libutil and move ipa_pwd.c out. The functions ipapwd_generate_new_history and ipapwd_check_policy are not used by client libraries.
Metadata Update from @pvoborni:
- Issue priority set to: minor
- Issue set to the milestone: FreeIPA 4.7
- Issue tagged with: refactoring
Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
to comment on this ticket.