Back to bug 1367919

Who When What Removed Added
Roshni 2016-08-17 19:38:38 UTC Keywords TestBlocker
CC aakkiang, spoore
Roshni 2016-08-17 19:38:58 UTC Summary Unable to login using smartcards tha thave ipa user certificates Unable to login using smartcards that have ipa user certificates
Jakub Hrozek 2016-08-18 08:12:26 UTC CC rpattath
Flags needinfo?(rpattath)
Roshni 2016-08-18 13:16:50 UTC Flags needinfo?(rpattath)
Scott Poore 2016-08-22 17:52:27 UTC Priority unspecified urgent
Severity unspecified urgent
Roshni 2016-08-22 19:16:10 UTC CC sbose
Flags needinfo?(sbose)
Sumit Bose 2016-08-23 07:58:57 UTC CC rrelyea
Flags needinfo?(sbose)
Roshni 2016-08-23 18:51:48 UTC Component sssd pam_pkcs11
Assignee sssd-maint rrelyea
Summary Unable to login using smartcards that have ipa user certificates pam_pkcs11 unable to detect cards when opensc and coolkey modules co-exist
QA Contact sgoveas aakkiang
Roshni 2016-08-23 18:52:35 UTC Keywords TestBlocker
Aneta Šteflová Petrová 2016-08-25 13:23:20 UTC Docs Contact apetrova
Flags needinfo?(rrelyea)
Bob Relyea 2016-08-30 00:37:56 UTC Target Release --- 7.4
Doc Text Cause:
pam_pkcs11 only supports one token.

Consequence:
You can't support both opensc and coolkey at the same time. As a result you can't use pkcs15 tokens at the same time as CAC and coolkey tokens.

Workaround (if any):
pick coolkey or opensc for the largest set of tokens you need in your deployment. (mostly affects QA where there is a large diversity of tokens)


Result:
Doc Type If docs needed, set a value Known Issue
Flags needinfo?(rrelyea)
Aneta Šteflová Petrová 2016-08-30 06:36:33 UTC Docs Contact apetrova mmuehlfe
Peter Vrabec 2016-08-30 15:33:03 UTC CC pvrabec
Marc Muehlfeld 2016-09-01 14:22:00 UTC Doc Text Cause:
pam_pkcs11 only supports one token.

Consequence:
You can't support both opensc and coolkey at the same time. As a result you can't use pkcs15 tokens at the same time as CAC and coolkey tokens.

Workaround (if any):
pick coolkey or opensc for the largest set of tokens you need in your deployment. (mostly affects QA where there is a large diversity of tokens)


Result:
"pam_pkcs11" only supports one token

The PKCS#11 modules in the _opensc_ and _coolkey_ packages provide support for both types of smart cards: PKCS#15 and Common Access Card (CAC). However the "pam_pkcs11" module only supports one of them at a time. As a consequence, you cannot use PKCS#15 and CAC tokens using the same configuration. To work around the problem, install one of the following:

* the _opensc_ package for PKCS#15 and PIV support
* the _coolkey_ package for CAC, Coolkey, and PIV support
Flags needinfo?(rrelyea)
Bob Relyea 2016-09-01 22:20:50 UTC Flags needinfo?(rrelyea)
Marc Muehlfeld 2016-09-02 06:11:40 UTC Doc Text "pam_pkcs11" only supports one token

The PKCS#11 modules in the _opensc_ and _coolkey_ packages provide support for both types of smart cards: PKCS#15 and Common Access Card (CAC). However the "pam_pkcs11" module only supports one of them at a time. As a consequence, you cannot use PKCS#15 and CAC tokens using the same configuration. To work around the problem, install one of the following:

* the _opensc_ package for PKCS#15 and PIV support
* the _coolkey_ package for CAC, Coolkey, and PIV support
"pam_pkcs11" only supports one token

The PKCS#11 modules in the _opensc_ and _coolkey_ packages provide support for various types of smart cards. However the "pam_pkcs11" module only supports one of them at a time. As a consequence, you cannot use PKCS#15 and CAC tokens using the same configuration. To work around the problem, install one of the following:

* the _opensc_ package for PKCS#15 and PIV support
* the _coolkey_ package for CAC, Coolkey, and PIV support
Nikos Mavrogiannopoulos 2016-09-12 14:25:24 UTC CC nmavrogi
Depends On 1373164
Thorsten Scherf 2016-10-25 13:27:55 UTC CC tscherf
Bob Relyea 2017-03-13 22:48:17 UTC Status NEW CLOSED
Resolution --- WORKSFORME
Last Closed 2017-03-13 18:48:17 UTC