Bug 204959 - Issuer Showing up as Unknown, even though it's showing as Enrolled
Issuer Showing up as Unknown, even though it's showing as Enrolled
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jack Magne
RHEL5.0NACK
:
Depends On:
Blocks: 202042
  Show dependency treegraph
 
Reported: 2006-09-01 14:56 EDT by Suzanne Hillman
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007-0634
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 11:57:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Shows the unknown Issuer at the same time as the ENROLLED state (1002.27 KB, image/png)
2006-09-01 14:56 EDT, Suzanne Hillman
no flags Details

  None (edit)
Description Suzanne Hillman 2006-09-01 14:56:29 EDT
Description of problem:
Issuer Showing up as Unknown, even though it's showing as Enrolled. It showed as
Verocity Inc when I formatted and enrolled it, but it apparently didn't keep it.
See screenshot.

Version-Release number of selected component (if applicable):
esc-1.0.0-8.fc6
pam_pkcs11-0.5.3-14
coolkey-1.0.1-3
Comment 1 Suzanne Hillman 2006-09-01 14:56:29 EDT
Created attachment 135404 [details]
Shows the unknown Issuer at the same time as the ENROLLED state
Comment 2 Jack Magne 2006-09-16 21:42:03 EDT
Here is one scenario where this could happen.

1. TPS was down.
2. ESC maybe had not seen this key before.
3. ESC tried to phone home and get the information and failed.
Comment 3 Bob Lord 2006-09-21 14:26:43 EDT
Can you still reproduce this bug?
Comment 4 Suzanne Hillman 2006-09-21 14:34:28 EDT
Yeah. I had that happening again before I reformatted and enrolled again, this
morning. (with the 0920 tree bits)
Comment 5 RHEL Product and Program Management 2006-11-20 16:59:33 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 6 Chandrasekar Kannan 2006-11-21 09:32:01 EST
per SSO bug council on 11/17, we will target this for rhel 5.0 release
candidates. this is not a blocker. 
Comment 7 Benjamin Kahn 2007-01-04 14:59:08 EST
This bug was proposed for RHEL 5, but wasn't resolved in time.
    I am proposing this issue to RHEL 5.1.
Comment 8 Chandrasekar Kannan 2007-03-20 00:45:11 EDT
per the last bug meeting, we decided this would be fixed in the rhel 5.1 release. 
qa_ack+
Comment 9 Bob Lord 2007-03-28 13:21:49 EDT
This bug was proposed for RHEL 5, but wasn't resolved in time.
    devel_ack+ for RHEL 5.1.
Comment 10 Jack Magne 2007-04-13 14:53:18 EDT
Locally ESC will now try to get the issuer from the certificates in an
unenrolled token if it can not find the information through phone home.
Comment 11 Jack Magne 2007-04-19 21:01:59 EDT
Fixed in build esc-1.0.0-22.el5. 
ESC will now get this value from it's phone home data OR from its certificates.
Comment 13 Jack Magne 2007-06-07 16:38:06 EDT
You may be able to reproduce this with the old ESC by:

1. Stop ESC.
2. Remove your profile in ~/.redhat/esc
3. Temporarily disable your network link.
4. Start ESC.
5. Put in an enrolled token.

The new ESC should fix this case since it can now gather the issuer info from
certificate info inside the token.

thanks,
jack
Comment 16 Chandrasekar Kannan 2007-08-23 18:04:28 EDT
Verified on x86_64. rhel5u1-snapshot#2.
Comment 18 errata-xmlrpc 2007-11-07 11:57:47 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0634.html

Note You need to log in before you can comment on or make changes to this bug.