Bug 201347

Summary: pam_pkcs11 needs to examine the Logined smartcard environment variable
Product: Red Hat Enterprise Linux 5 Reporter: Bob Relyea <rrelyea>
Component: pam_pkcs11Assignee: Bob Relyea <rrelyea>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: blord, ohegarty, rrelyea, rstrode, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 5.0.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-13 14:28:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 181386, 181509, 202651    

Description Bob Relyea 2006-08-04 15:23:39 UTC
Description of problem:

If we have logged in with a particular smart card, an environment variable is
set. pam_pkcs11 needs to examine that variable and not allow additional
authentications unless it is with that particular smart card.

Version-Release number of selected component (if applicable):

FC6 test 2, devel

Comment 1 Ray Strode [halfline] 2006-08-11 21:01:15 UTC
*** Bug 202264 has been marked as a duplicate of this bug. ***

Comment 3 Bob Relyea 2006-09-13 00:07:42 UTC
*** Bug 195958 has been marked as a duplicate of this bug. ***

Comment 4 Bob Relyea 2006-09-13 18:03:48 UTC
Fixed in pam_pkcs11-0.5.3-17


Comment 6 Orla Hegarty 2006-09-20 00:09:45 UTC
Release Criteria match 16.d

Comment 7 Orla Hegarty 2006-09-25 21:24:49 UTC
I tried again on my i386 box and I can definitely reproduce this bug there too
now. The main difference between my current i386 box and my x86_84 box is that
my x86_64 box doesn't lock when the smart card is removed due to bug#208018 and
to reproduce this bug there I have to manually lock the screen. 

Steps to Reproduce:
1. From the menu; System -> Administration -> Authentication -> Authentication tab
2. Configure Smart Card -> Card Removal Action -> Lock
3. Log in with a smart card 
4. Remove the smart card
5. Re-insert the smart card
6. Type Kerberos ID to login

I can login with kerberos ID after first logging in with a Smart Card. This
should not be allowed. 

REOPEN - FAILS_QA

Comment 8 Bob Relyea 2006-09-26 18:13:15 UTC
Fixed in pam_pkcs11-0.5.3-21

Comment 9 Orla Hegarty 2006-10-12 18:12:35 UTC
$ rpm -qa | grep pam_pkcs11
pam_pkcs11-0.5.3-22
pam_pkcs11-0.5.3-22

VERIFIED fixed against 20061006.2 

Comment 10 Jay Turner 2006-11-13 14:28:21 UTC
Closing out as included in latest RHEL5 builds (20061111.0)