Comment 4 for bug 1746947

Hi Timo,
according to my sniff tests it will fail later on in 4.6.2 as well.
It seems the new nss makes the crypto/passwords no more behave the way as expected.

Of course the autopkgtest for 4.6.2 won't fail (as there is no old cert8.db, so the call is skipped), but if there would be one (e.g. on an upgrade) then it would fail (at least according to my tests in some containers).

So as soon as I bad-test 4.4.4 things will go on as the autopkgtest won't test the upgrade path. but it will still be "broken under the hood".

I didn't expect a fix in 4.4.x but instead wondered if you might be able to help to understand why it fails at all. And then depending on that insight we can work on a fix for either nss or freeipa as needed.