This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 537411

Summary: [PATCH] Better error handling in NSS code
Product: [Fedora] Fedora Reporter: Pierre Ossman <ossman>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: jchadima, mgrepl, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-09 08:36:39 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 356451, 537397    
Bug Blocks: 543358    
Attachments:
Description Flags
0005-Check-the-return-value-and-print-something-useful-wh.patch
none
0006-Move-out-the-NSS-authentication-to-a-separate-functi.patch
none
0007-Make-NSS-key-handling-support-multiple-attempts-at-e.patch
none
0008-Improve-error-reporting-for-when-you-are-running-out.patch none

Description Pierre Ossman 2009-11-13 09:56:17 EST
Created attachment 369437 [details]
0005-Check-the-return-value-and-print-something-useful-wh.patch

The NSS code lacks error handling for token authentication. This patch series adds that and also makes sure that you get multiple attempts at entering your passphrase.
Comment 1 Pierre Ossman 2009-11-13 09:56:36 EST
Created attachment 369438 [details]
0006-Move-out-the-NSS-authentication-to-a-separate-functi.patch
Comment 2 Pierre Ossman 2009-11-13 09:56:53 EST
Created attachment 369439 [details]
0007-Make-NSS-key-handling-support-multiple-attempts-at-e.patch
Comment 3 Pierre Ossman 2009-11-13 09:57:11 EST
Created attachment 369440 [details]
0008-Improve-error-reporting-for-when-you-are-running-out.patch
Comment 4 Jan F. Chadima 2009-11-24 09:21:44 EST
The patches is applied in openssh-5.3p1-10.fc13, can you test it, please.
Comment 5 Pierre Ossman 2009-11-24 10:01:13 EST
Works nicely. Any chance of poking the NSS guys so that the code for a locked card will be handled?
Comment 6 Jan F. Chadima 2010-03-09 08:36:39 EST
This functionality will be discontinued due to massive upstrem changes in the
key handling. There is now pkcs11 support by Alon Bar Lev instead.