Bug 1005334
Summary: | Unable to login using smart card after adding the coolkey module to /etc/pki/nssdb | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Roshni <rpattath> |
Component: | coolkey | Assignee: | Bob Relyea <rrelyea> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.5 | CC: | jgalipea, mcrha, rrelyea |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | coolkey-1.1.0-30.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-21 23:06:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Roshni
2013-09-06 16:39:36 UTC
The basic problem is pk11install only works with paths, not sql: or dbm: paths. When the build in the errata is installed, the PKCS#11 Coolkey Module is automatically added to /etc/pki/nssdb and smartcard login works fine. If the PKCS#11 Coolkey Module is deleted and added back again, the issue described in this bug is seen (unable to login using smartcard) Roshni, please to ls -s /etc/pki/nssdb if pkcs11.txt does not have group other read, hand change it. There is an NSS bug against this issue. I changed the permission of group other to read for the file pkcs11.txt, the issue still exists. Roshni, can you point me to your machines that are misbehaving? Bob, The machine is ready, you can have a look at the issue. Let me know if you need any more information from my side. Coolkey seem seems to be working fine, the bug seems to be on the pam_pkcs11 component as in bug https://bugzilla.redhat.com/show_bug.cgi?id=1012082 this was ultimately not a coolkey bug, the fix was elsewhwere, so no docs needed for coolkey. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1699.html |