Bug 1461997
| Summary: | During SSL connection firefox prompts for smartcard pin multiple time when enforce smartcard login is enabled | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Roshni <rpattath> |
| Component: | opensc | Assignee: | Jakub Jelen <jjelen> |
| Status: | CLOSED NOTABUG | QA Contact: | Release Test Team <release-test-team-automation> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | rpattath |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-06-19 20:48:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Roshni
2017-06-15 21:16:45 UTC
There is not enough information (configuration, card type and information, what secure site) for me to reproduce this behavior not to see where problem could be (debug logs). In case it is PIV card, this might be caused by the ALWAYS_AUTHENTICATE attribute, that should be set (but was not enforced in Coolkey). The following article provides a way how to workaround it and ask only once: https://access.redhat.com/articles/3034441 It is not a PIV card, it is Gemalto 64K card which is supported by coolkey and pam_pkcs11. I do not see this issue when "Require Smartcard for login" is not set in authconfig, it prompts for pin only once. Unable to reproduce this issue, so marking the bug closed for now. |