Bug 201347 - pam_pkcs11 needs to examine the Logined smartcard environment variable
pam_pkcs11 needs to examine the Logined smartcard environment variable
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_pkcs11 (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bob Relyea
: 195958 202264 (view as bug list)
Depends On:
Blocks: 181386 181509 202651
  Show dependency treegraph
Reported: 2006-08-04 11:23 EDT by Bob Relyea
Modified: 2007-11-30 17:07 EST (History)
5 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-13 09:28:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bob Relyea 2006-08-04 11:23:39 EDT
Description of problem:

If we have logged in with a particular smart card, an environment variable is
set. pam_pkcs11 needs to examine that variable and not allow additional
authentications unless it is with that particular smart card.

Version-Release number of selected component (if applicable):

FC6 test 2, devel
Comment 1 Ray Strode [halfline] 2006-08-11 17:01:15 EDT
*** Bug 202264 has been marked as a duplicate of this bug. ***
Comment 3 Bob Relyea 2006-09-12 20:07:42 EDT
*** Bug 195958 has been marked as a duplicate of this bug. ***
Comment 4 Bob Relyea 2006-09-13 14:03:48 EDT
Fixed in pam_pkcs11-0.5.3-17
Comment 6 Orla Hegarty 2006-09-19 20:09:45 EDT
Release Criteria match 16.d
Comment 7 Orla Hegarty 2006-09-25 17:24:49 EDT
I tried again on my i386 box and I can definitely reproduce this bug there too
now. The main difference between my current i386 box and my x86_84 box is that
my x86_64 box doesn't lock when the smart card is removed due to bug#208018 and
to reproduce this bug there I have to manually lock the screen. 

Steps to Reproduce:
1. From the menu; System -> Administration -> Authentication -> Authentication tab
2. Configure Smart Card -> Card Removal Action -> Lock
3. Log in with a smart card 
4. Remove the smart card
5. Re-insert the smart card
6. Type Kerberos ID to login

I can login with kerberos ID after first logging in with a Smart Card. This
should not be allowed. 

Comment 8 Bob Relyea 2006-09-26 14:13:15 EDT
Fixed in pam_pkcs11-0.5.3-21
Comment 9 Orla Hegarty 2006-10-12 14:12:35 EDT
$ rpm -qa | grep pam_pkcs11

VERIFIED fixed against 20061006.2 
Comment 10 Jay Turner 2006-11-13 09:28:21 EST
Closing out as included in latest RHEL5 builds (20061111.0)

Note You need to log in before you can comment on or make changes to this bug.