Bug 884266

Summary: None of the DoD PIV test cards work, even with the latest coolkey.
Product: Red Hat Enterprise Linux 6 Reporter: Bob Relyea <rrelyea>
Component: coolkeyAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: ddumas, jgalipea, jrieden
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: coolkey-1.1.0-25 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 10:16:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bob Relyea 2012-12-05 19:03:37 UTC 
Description of problem:

The Dod Supplies a set of PIV cards that it intends to deploy. Several of these cards are not expected to work because they require support that coolkey does not have:

Card 2: cert has PSS signatures.
Card 4, Card 5, Card 15: ECC cards.

The rest of the sample cards should work, but are unrecognized by coolkey.


Version-Release number of selected component (if applicable):

coolkey-1.1.0-24.el6


How reproducible:

Plug in any card. Neither Firefox (which coolkey installed), nor ESC (the card manager) will recognize the card.

neither will pklogin_finder.



Additional info:
Comment 1 Bob Relyea 2012-12-05 19:05:14 UTC 
I have a patch in hand that solves this problem.
Comment 2 Bob Relyea 2012-12-10 22:26:38 UTC 
Already in the errata, flip to ON_QA
Comment 3 Bob Relyea 2012-12-10 22:27:15 UTC 
Wrong bug... this is only assigned...
Comment 4 Bob Relyea 2012-12-19 18:03:24 UTC 
Asha, I never got a qa ack on this. There are complaints by Dod people that PIV II doesn't work, so we really do want this in 6.4 if we can get it...
Comment 8 Jenny Severance 2012-12-19 18:56:53 UTC 
Setting conditional NAK flag for QE, can not fully ack until we have cards to verify.
Comment 9 Bob Relyea 2012-12-19 20:12:51 UTC 
Jenny please reconsider. I have cards in hand I guarrentee I'll get at least one card out to Asha before I leave today, but I need the ack to check in as today is my last day to do so. 

Not getting this in could really hurt us with one of our best customers...
Comment 11 Bob Relyea 2013-01-02 18:30:53 UTC 
This bug needs to get into the errata still.
Comment 22 Asha Akkiangady 2013-01-22 23:13:23 UTC 
Card 2, Card 3: cert has PSS signatures.
Card 4, Card 5, Card 15: ECC cards.

All the PIV cards except ECC ones are recognized on ESC, Firefox and pklogin_finder.


Marking the bug verified.
Comment 24 errata-xmlrpc 2013-02-21 10:16:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0397.html