Bug 1655582 - F29: sssd based GDM smart-card local login flickering at "Sorry that didn't work. Please try again."
Summary: F29: sssd based GDM smart-card local login flickering at "Sorry that didn't w...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm
Version: 29
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-03 13:22 UTC by amitkuma
Modified: 2019-11-27 18:14 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-27 18:14:43 UTC
Type: Bug


Attachments (Terms of Use)

Description amitkuma 2018-12-03 13:22:44 UTC
Description of problem:
Certificate Present on Smart card:
# /usr/bin/openssl x509 -in   cert-prasad.pem   -noout -text 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17 (0x11)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=gsslab.pnq2.redhat.com Security Domain, OU=pki-tomcat, CN=CA Signing Certificate
        Validity
            Not Before: Sep 25 08:16:01 2018 GMT
            Not After : Sep 24 08:16:01 2023 GMT
        Subject: O=Token Key User/UID=prasad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:83:b8:ea:1f:a9:74:dc:4a:43:a9:6c:72:d5:46:
                    4a:67:09:ab:de:33:d4:40:07:32:d6:19:3f:f6:ab:
                    03:57:bd:6d:5a:e7:74:f6:56:c0:5e:b7:be:bd:b3:
                    58:bb:52:c6:5b:22:30:68:a0:e1:9b:61:7e:94:bf:
                    f9:d8:4b:70:29:85:71:c3:b0:1a:33:92:2f:89:fd:
                    e7:16:b7:15:e7:51:45:4c:3a:b2:94:36:9a:d5:89:
                    67:e9:ea:f4:45:97:38:93:81:f5:4e:ee:ef:2a:67:
                    3a:e5:81:d5:ce:e1:0d:07:c3:c7:7d:38:22:19:18:
                    46:f4:8e:42:74:28:67:cc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Key Encipherment
            X509v3 Subject Alternative Name: 
                email:$request.mail$
            X509v3 Subject Key Identifier: 
                01:84:DF:58:D0:D2:A0:BC:82:C3:DE:55:4F:CE:4A:BD:6C:D4:92:B0
            X509v3 Authority Key Identifier: 
                keyid:85:C1:17:3F:38:A1:E7:57:72:33:5A:52:9B:5A:98:63:8D:9B:EA:CF

            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         a0:fc:99:9e:fb:05:33:bc:b0:0d:93:4f:72:98:b4:0c:a3:5c:
         9b:2d:ea:e5:f5:d8:f5:af:b5:82:e4:71:49:8b:38:94:99:65:
         70:8f:14:9c:e9:ee:57:75:26:a3:95:5c:de:39:a7:7c:62:33:
         74:0a:e5:50:d2:86:30:f5:00:90:4a:68:ea:c8:9a:c2:76:ae:
         29:8f:40:3b:0f:e8:35:fc:e3:e0:39:9d:db:a8:44:68:34:85:
         a6:3c:2d:5b:43:83:23:85:f0:58:20:15:45:7e:eb:52:16:34:
         29:c4:9e:43:ae:76:28:08:41:f0:e8:65:44:18:f3:e6:8d:18:
         e1:10:22:2d:dc:22:1a:0d:4c:b2:9c:9c:0c:df:ce:a1:56:41:
         2c:04:e6:54:7b:42:16:bb:db:91:67:98:ea:eb:b3:fc:0f:54:
         6d:36:5c:61:f7:9a:ce:04:da:2e:2b:31:44:e6:ba:70:cd:5a:
         90:2f:d5:88:29:22:b0:c3:ca:d7:0c:57:c8:68:92:a5:32:d8:
         ac:80:a1:33:47:47:f8:4a:82:71:f0:30:0e:ee:f6:25:2d:4c:
         3c:43:74:6e:ee:b3:5d:77:f2:5d:9f:6d:ce:28:48:05:21:25:
         07:e4:d5:d3:27:3d:45:14:d1:8a:25:35:8e:bd:dd:c1:a6:96:
         6d:39:ea:e2

[root@localhost ~]# cat /etc/sssd/sssd.conf 
[sssd]
domains = sysfiles
services = nss,pam
debug level = 10

[pam]
pam_cert_auth =True
debug level = 10

[domain/sysfiles]
id_provider = files
debug level = 10

[certmap/sysfiles/prasad]
;matchrule = <SUBJECT>,*CN=prasad.*
matchrule = <SUBJECT>,*CN=O=Token Key User/UID=prasad.*
[root@localhost ~]#

[root@localhost ~]# service sssd status
Redirecting to /bin/systemctl status sssd.service
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-12-03 18:28:24 IST; 5min ago
 Main PID: 3809 (sssd)
    Tasks: 4 (limit: 4687)
   Memory: 32.0M
   CGroup: /system.slice/sssd.service
           ├─3809 /usr/sbin/sssd -i --logger=files
           ├─3810 /usr/libexec/sssd/sssd_be --domain sysfiles --uid 0 --gid 0 --logger=files
           ├─3811 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
           └─3812 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --logger=files

Dec 03 18:28:24 localhost.localdomain systemd[1]: Starting System Security Services Daemon...
Dec 03 18:28:24 localhost.localdomain sssd[3809]: Starting up
Dec 03 18:28:24 localhost.localdomain sssd[be[sysfiles]][3810]: Starting up
Dec 03 18:28:24 localhost.localdomain sssd[nss][3811]: Starting up
Dec 03 18:28:24 localhost.localdomain sssd[pam][3812]: Starting up
Dec 03 18:28:24 localhost.localdomain systemd[1]: Started System Security Services Daemon.
[root@localhost ~]# 

[root@localhost sssd]# authselect current
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-smartcard
[root@localhost sssd]# 

/etc/passwd
prasad:x:1002:1002::/home/prasad:/bin/bash

# ls -ltr /etc/sssd/pki/sssd_auth_ca_db.pem 
-rw-r--r-- 1 root root 1449 Dec  1 19:37 /etc/sssd/pki/sssd_auth_ca_db.pem
[root@localhost sssd]# 


Version-Release number of selected component (if applicable):
# rpm -qa | grep sssd
sssd-2.0.0-3.fc29.x86_64
sssd-krb5-common-2.0.0-3.fc29.x86_64
sssd-ipa-2.0.0-3.fc29.x86_64
sssd-nfs-idmap-2.0.0-3.fc29.x86_64
sssd-client-2.0.0-3.fc29.x86_64
sssd-proxy-2.0.0-3.fc29.x86_64
sssd-common-pac-2.0.0-3.fc29.x86_64
sssd-krb5-2.0.0-3.fc29.x86_64
sssd-kcm-2.0.0-3.fc29.x86_64
sssd-common-2.0.0-3.fc29.x86_64
sssd-ad-2.0.0-3.fc29.x86_64
python3-sssdconfig-2.0.0-3.fc29.noarch
sssd-ldap-2.0.0-3.fc29.x86_64
[root@localhost ~]#

How reproducible:
Always

Steps to Reproduce:
1. Created sssd.conf as mentioned above
2. configured authselect for 'sssd-with-mkhomedir', 'with-smartcard'
3. copied CA file to /etc/sssd/pki
4. Added local user and added certmap section.
5. logged out, But GDM does not prompt for PIN.

Actual results:
PIN not prompted on GDM

Expected results:
PIN should be prompted.

Additional info:

Comment 4 Sumit Bose 2018-12-03 15:40:27 UTC
There is no authentication attempt recorded in sssd_pam. Did you restart gdm after calling authselect? How does the PAM configuration looks like? Does it work with su?

Comment 5 amitkuma 2018-12-04 12:24:04 UTC
Dear sumit.
Thanks for response.

I restarted gdm. 
# service gdm restart
Restarted server.
But on console nothing PIN not asked.

||Does it work with su?
test-user# su - prasad
does not prompt for pin.

selinux is disabled.


/etc/system-auth
# Generated by authselect on Tue Dec  4 17:26:13 2018
# Do not modify this file manually.

auth        required                                     pam_env.so
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so

password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     optional                                     pam_oddjob_mkhomedir.so umask=0077
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so

/etc/password-auth
# Generated by authselect on Tue Dec  4 17:26:13 2018
# Do not modify this file manually.

auth        required                                     pam_env.so
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so

password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     optional                                     pam_oddjob_mkhomedir.so umask=0077
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so

/etc/smartcard-auth
# Generated by authselect on Tue Dec  4 17:26:13 2018
# Do not modify this file manually.

auth        required                                     pam_env.so
auth        sufficient                                   pam_sss.so allow_missing_name
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session     optional                                    pam_systemd.so
session     optional                                     pam_oddjob_mkhomedir.so umask=0077
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so

Comment 6 Sumit Bose 2018-12-04 12:54:04 UTC
(In reply to amitkuma from comment #5)
> Dear sumit.
> Thanks for response.
> 
> I restarted gdm. 
> # service gdm restart
> Restarted server.
> But on console nothing PIN not asked.
> 
> ||Does it work with su?
> test-user# su - prasad
> does not prompt for pin.
> 

It's the other way round, you have to call su as user prasad. Does this prompt fir a PIN? If not can you attach the SSSD logs and /var/log/secure or the journal output covering the su attempt?

Comment 7 amitkuma 2018-12-26 11:41:36 UTC
Hey sumit,

My bad after adding opensc module to nssdb its gone for asking PIN on GDM.
# modutil    -add libopensc    -libfile /usr/lib64/opensc-pkcs11.so  -dbdir /etc/pki/nssdb
This may be good thing to include in documentation.

But now at GDM prompt flickers at, Its not allowing to enter PIN either, just flickering:
"Sorry that didn't work.  Please try again." 
and when I click cancel.
"Authentication Error"

# useradd prasad
# sssd.conf
[sssd]
domains = amit
services = nss, pam
certificate_verification = no_verification
certificate_verification = no_ocsp
debug_level = 10

[pam]
debug_level = 10
pam_cert_auth = True

[nss]
debug_level = 10

[domain/amit]
id_provider = files
debug_level = 10

[certmap/amit/prasad]
matchrule = <SUBJECT>.*CN=prasad.*

# authselect select sssd with-mkhomedir with-smartcard
<succeed>
# 

My smart-card user certificate:
# /usr/bin/openssl x509 -in /root/cert-prasad.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17 (0x11)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=gsslab.pnq2.redhat.com Security Domain, OU=pki-tomcat, CN=CA Signing Certificate
        Validity
            Not Before: Dec 20 06:16:31 2018 GMT
            Not After : Dec 19 06:16:31 2023 GMT
        Subject: CN=prasad, O=Token Key User/UID=prasad
        Subject Public Key Info:


I find "Section [certmap/amit/prasad] is not allowed in sssd.log"?

# cd /var/log/sssd
# grep -r . -e prasad
./sssd_amit.log:(Wed Dec 26 16:52:52 2018) [sssd[be[amit]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=prasad@amit,cn=users,cn=amit,cn=sysdb].
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [enum_files_users] (0x1000): User found (prasad, x, 1005, 1005, , /home/prasad, /bin/bash)
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_store_user] (0x1000): User prasad@amit does not exist.
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_ldb_msg_difference] (0x2000): Added attr [isPosix] to entry [name=prasad@amit,cn=users,cn=amit,cn=sysdb]
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_set_entry_attr] (0x0200): Entry [name=prasad@amit,cn=users,cn=amit,cn=sysdb] has set [cache, ts_cache] attrs.
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_store_user] (0x0400): User "prasad@amit" has been stored
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_delete_recursive] (0x4000): Trying to delete [name=prasad@amit,cn=groups,cn=amit,cn=sysdb].
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [enum_files_groups] (0x1000): Group found (prasad, 1005)
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_check_ts_cache] (0x2000): Cannot find TS cache entry for [name=prasad@amit,cn=groups,cn=amit,cn=sysdb]: [2]: No such file or directory
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_store_group] (0x1000): Group prasad@amit does not exist.
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_ldb_msg_difference] (0x2000): Added attr [isPosix] to entry [name=prasad@amit,cn=groups,cn=amit,cn=sysdb]
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_set_entry_attr] (0x0200): Entry [name=prasad@amit,cn=groups,cn=amit,cn=sysdb] has set [cache, ts_cache] attrs.
./sssd_amit.log:(Wed Dec 26 16:52:53 2018) [sssd[be[amit]]] [sysdb_store_group] (0x0400): Group "prasad@amit" has been stored
./sssd.log:(Wed Dec 26 16:52:52:802291 2018) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sections]: Section [certmap/amit/prasad] is not allowed. Check for typos.     <<<<<<<<<

Comment 8 Orion Poplawski 2019-05-06 20:38:05 UTC
I'm having similar problems getting GDM to prompt for smartcard login.  On a freshly installed F29 system with smartcard auth enabled, gdm does not react at all to my yubikey being inserted.  I've not changed the modutil config:

modutil -list -dbdir /etc/pki/nssdb

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal Crypto Services
           uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.43
         slots: 1 slot attached
        status: loaded

         slot: NSS FIPS 140-2 User Private Key Services
        token: NSS FIPS 140-2 Certificate DB
          uri: pkcs11:token=NSS%20FIPS%20140-2%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. p11-kit-proxy
        library name: p11-kit-proxy.so
           uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
         slots: 1 slot attached
        status: loaded

         slot: Yubico YubiKey OTP+FIDO+CCID 00 00
        token: Orion Poplawski
          uri: pkcs11:token=Orion%20Poplawski;manufacturer=piv_II;serial=d75c91b27c25efbd;model=PKCS%2315%20emulated
-----------------------------------------------------------

Do we still need to install the opensc module or is p11-kit-proxy supposed to handle this (as it seems to do)?

Comment 9 Orion Poplawski 2019-05-06 21:01:46 UTC
If I restart gdm with the smartcard inserted I get prompted for the cert/pin.

Comment 10 Orion Poplawski 2019-05-06 21:07:34 UTC
Some more details - I'm running with the user list disabled so at boot I'm presented with a "Username" prompt.  If I enter my username and click next I'm presented with a prompt for my pin and I'm able to log in.  So it works, but I'm used to seeing the prompt change on card insertion to asking which certificate I want to use to login with (my card has multiple certificates).

Comment 11 Sumit Bose 2019-05-07 05:20:28 UTC
(In reply to Orion Poplawski from comment #10)
> Some more details - I'm running with the user list disabled so at boot I'm
> presented with a "Username" prompt.  If I enter my username and click next
> I'm presented with a prompt for my pin and I'm able to log in.  So it works,
> but I'm used to seeing the prompt change on card insertion to asking which
> certificate I want to use to login with (my card has multiple certificates).

Hi,

can you check if /etc/dconf/db/distro.d/20-authselect or similar exists and what is the content?

There should be something like 

[org/gnome/login-screen]
enable-smartcard-authentication=true
...

to enable this feature.

Additionally does /usr/share/dconf/profile/gdm exists and contains 'system-db:distro' besides other entries?

bye,
Sumit

Comment 12 Sumit Bose 2019-05-07 05:23:22 UTC
Another idea, Yubikeys are special here because from the PKCS#11 perspective they are reader and Smartcard in one device. The NSS calls used by gdm might simply not be able to detect the insertion. Do you have the chance to test with a "real" Smartcard reader and a Smartcard?

bye,
Sumit

Comment 13 Orion Poplawski 2019-05-07 17:21:07 UTC
# cat /etc/dconf/db/distro.d/20-authselect
# Generated by authselect on Mon May  6 14:25:55 2019
# Do not modify this file manually.

[org/gnome/login-screen]
enable-smartcard-authentication=true
enable-fingerprint-authentication=false
enable-password-authentication=true

[org/gnome/settings-daemon/peripherals/smartcard]
removal-action='lock-screen'

# cat /usr/share/dconf/profile/gdm
user-db:user
system-db:local
system-db:site
system-db:distro
file-db:/usr/share/gdm/greeter-dconf-defaults

I *think* all that is not working is detection of the card triggering a response in the gdm display - the login with the PIN works.  Unfortunately I do not have access to any other smartcard devices.  EL7 and Fedora 28 reacted to the insertion of the yubikey though.

Comment 14 Sumit Bose 2019-05-10 09:48:16 UTC
Hi,

can you check on EL7 and F28 systems where the insertion is detected if the OpenSC PKCS#11 module is added to /etc/pki/nssdb directly or via p11-kit-proxy.so as on F29? If it is added directly (I guess it is) can you try to add it to /etc/pki/nssdb on F29 as well?

HTH

bye,
Sumit

Comment 15 Orion Poplawski 2019-05-14 16:52:43 UTC
On the older systems, the OpenSC module is directly added to /etc/pki/nssdb.  If I try to add it to F29 I get:

# modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile /usr/lib64/opensc-pkcs11.so

WARNING: Manually adding a module while p11-kit is enabled could cause
duplicate module registration in your security database. It is suggested
to configure the module through p11-kit configuration file instead.

Type 'q <enter>' to abort, or <enter> to continue:

ERROR: Failed to add module "OpenSC". Probable cause : "Unknown PKCS #11 error.".

I also appear to be unable to replace p11-kit-proxy with OpenSC.

Comment 16 Ben Cotton 2019-10-31 19:20:40 UTC
This message is a reminder that Fedora 29 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '29'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 29 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 17 Orion Poplawski 2019-11-04 18:25:22 UTC
This seems to be working for me with F31 and authselect enable-feature with-smartcard-required.  GDM prompts me to "Please enter smart card" and detects it when inserted.

Comment 18 Ben Cotton 2019-11-27 18:14:43 UTC
Fedora 29 changed to end-of-life (EOL) status on 2019-11-26. Fedora 29 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.