RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1449740 - Label name does not match the username on the smartcard
Summary: Label name does not match the username on the smartcard
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: opensc
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: Asha Akkiangady
URL:
Whiteboard:
: 1462000 1464253 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-10 14:54 UTC by Roshni
Modified: 2021-12-10 15:03 UTC (History)
5 users (show)

Fixed In Version: opensc-0.16.0-6.20170227git777e2a3.el7
Doc Type: Enhancement
Doc Text:
Feature: The PIV token labels show the cardholder name. Reason: The token label is used by graphical application, for example in gnome login screen and previous generic name was confusing in this context. Result: The PIV tokens now list the cardholder name in the token label field.
Clone Of:
Environment:
Last Closed: 2018-04-10 18:28:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0987 0 None None None 2018-04-10 18:28:18 UTC

Description Roshni 2017-05-10 14:54:17 UTC 
Description of problem:

Jakub found the following:

The PKCS#11 specification (pkcs-11v2-30b-d6.pdf) is very vague about the meaning of the label field in the CK_TOKEN_INFO structure:

> application-defined label, assigned during token
initialization. Must be padded with the blank character
(‘ ‘). Should not be null-terminated.

The coolkey is obviously setting the full cardholder name to this field:

    memcpy(label, personName, MIN(personLen, maxSize));

but OpenSC is using PIN label for some reason in combination with pkcs15-emulated label (one for a driver)

    p15card->tokeninfo->label = strdup("PIV_II");

We can probably push similar change to OpenSC, but I don't think this should be a blocker for RHEL7.4 release unless it will prevent the above use case with Gnome.
Comment 4 Roshni 2017-06-28 14:43:46 UTC 
*** Bug 1464253 has been marked as a duplicate of this bug. ***
Comment 5 Jakub Jelen 2017-08-18 12:50:19 UTC 
The PR for PIV was send upstream:
https://github.com/OpenSC/OpenSC/pull/1133
Comment 6 Jakub Jelen 2017-09-04 07:40:57 UTC 
*** Bug 1462000 has been marked as a duplicate of this bug. ***
Comment 9 Roshni 2017-12-13 21:43:35 UTC 
Jakub,

Most of the PIV, CAC and non-CAC/PIV cards are displaying the expected label name in the GDM login screen except for 2 PIV cards. Those 2 PIV card have a global PIN and the label name I see on the login screen is "Welcome Global PIN (username)". When I use coolkey for the same 2 cards I notice it shows the correct label names.
Comment 10 Jakub Jelen 2017-12-14 09:10:22 UTC 
Yes, this was discussed in the upstream PR and it is how we expect it will behave. But I missed this "welcome message" context here since it was missing from the bug description.

In this specific example, we can argue, that the wording in the other way "Welcome username (Global PIN)" would sound better. But in that case one with too-long name might end up without seeing the information which PIN should be used.

I am not sure if we want to change it this late in testing (and so close to beta). The change would be trivial, but we should have to go through upstream and this change would affect all the card drivers, where these two labels would get switched.
Comment 11 Roshni 2017-12-14 14:07:26 UTC 
I can open a new low priority bug for this and mark this bug verified, if it sounds good to you.
Comment 12 Jakub Jelen 2017-12-14 15:14:11 UTC 
Yes, we can do that and decide later. Or we can just say that we are ok with this state. It is probably up to you. I see that there is still a difference in usability of gnome prompt from coolkey, but also on the other hand the change would be hard for upstream, since it would be quite drastic change with quite no benefit for them.
Comment 13 Roshni 2017-12-18 18:15:05 UTC 
[root@dhcp129-107 ~]# rpm -qi opensc
Name        : opensc
Version     : 0.16.0
Release     : 7.20170227git777e2a3.el7
Architecture: x86_64
Install Date: Mon 18 Dec 2017 01:10:47 PM EST
Group       : System Environment/Libraries
Size        : 3262790
License     : LGPLv2+
Signature   : RSA/SHA256, Thu 09 Nov 2017 08:06:31 AM EST, Key ID 199e2f91fd431d51
Source RPM  : opensc-0.16.0-7.20170227git777e2a3.el7.src.rpm
Build Date  : Thu 09 Nov 2017 07:40:40 AM EST
Build Host  : x86-039.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : https://github.com/OpenSC/OpenSC/wiki
Summary     : Smart card library and applications

Labels of the smartcards were displayed as expected expect for the PIV cards with global pin (opened https://bugzilla.redhat.com/show_bug.cgi?id=1527187)
Comment 19 errata-xmlrpc 2018-04-10 18:28:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0987
Note You need to log in before you can comment on or make changes to this bug.