Description of problem: Issuer Showing up as Unknown, even though it's showing as Enrolled. It showed as Verocity Inc when I formatted and enrolled it, but it apparently didn't keep it. See screenshot. Version-Release number of selected component (if applicable): esc-1.0.0-8.fc6 pam_pkcs11-0.5.3-14 coolkey-1.0.1-3
Created attachment 135404 [details] Shows the unknown Issuer at the same time as the ENROLLED state
Here is one scenario where this could happen. 1. TPS was down. 2. ESC maybe had not seen this key before. 3. ESC tried to phone home and get the information and failed.
Can you still reproduce this bug?
Yeah. I had that happening again before I reformatted and enrolled again, this morning. (with the 0920 tree bits)
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
per SSO bug council on 11/17, we will target this for rhel 5.0 release candidates. this is not a blocker.
This bug was proposed for RHEL 5, but wasn't resolved in time. I am proposing this issue to RHEL 5.1.
per the last bug meeting, we decided this would be fixed in the rhel 5.1 release. qa_ack+
This bug was proposed for RHEL 5, but wasn't resolved in time. devel_ack+ for RHEL 5.1.
Locally ESC will now try to get the issuer from the certificates in an unenrolled token if it can not find the information through phone home.
Fixed in build esc-1.0.0-22.el5. ESC will now get this value from it's phone home data OR from its certificates.
You may be able to reproduce this with the old ESC by: 1. Stop ESC. 2. Remove your profile in ~/.redhat/esc 3. Temporarily disable your network link. 4. Start ESC. 5. Put in an enrolled token. The new ESC should fix this case since it can now gather the issuer info from certificate info inside the token. thanks, jack
Verified on x86_64. rhel5u1-snapshot#2.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0634.html