Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1061799

Summary: SECMOD_WaitForAnyTokenEvent returns spurious error once at start up
Product: Red Hat Enterprise Linux 7 Reporter: Ray Strode [halfline] <rstrode>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: eparis, martinsson.patrik, rrelyea
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-06 22:40:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ray Strode [halfline] 2014-02-05 16:11:04 UTC 
A RHEL customer is currently trying out the RHEL 7 beta and hitting an issue with his smartcard setup.  If the card is inserted at login time SECMOD_WaitForAnyTokenEvent returns SEC_ERROR_PKCS12_UNABLE_TO_READ one time.  Calling it again, makes it properly block for insertion and removal events.

in RHEL6, gnome would retry on error.  in rhel7 it doesn't (see bug 1061785 ).

Is this a driver issue? it's a NetId card which uses the libiidp11.so pkcs11 driver.  Is it something we can work around in NSS, so there isn't the spurious error message?
Comment 3 Bob Relyea 2014-02-19 00:03:08 UTC 
It most likely is. SECMOD_WaitForAnyTokenEvent() depends on the modules C_WaitForSlotEvent() at the PKCS #11 layer.

The NSS work around would be the same as the application work around (retry once).

bob
Comment 4 Eric Paris 2014-03-06 22:40:59 UTC 
Bob is saying that the pkcs#11 module is the problem.  not gnome.  not nss.  There is no good way to fix this in software.  We are going to close this bug as NOTABUG.
Comment 5 Ray Strode [halfline] 2014-03-07 15:09:52 UTC 
that's fine. I already put a workaround in on the gnome side, so that should be good enough.