Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 235474 - Default esc.disable.password.prompt to no for secmode
Default esc.disable.password.prompt to no for secmode
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Jack Magne
Depends On:
Blocks: 443788 497004
  Show dependency treegraph
Reported: 2007-04-05 20:05 EDT by Bob Lord
Modified: 2009-09-02 05:58 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 05:58:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1310 normal SHIPPED_LIVE esc bug fix update 2009-09-01 06:21:48 EDT

  None (edit)
Description Thomas Kwan 2007-04-05 20:05:45 EDT
If secmode is used, I want to ESC to set the following preference to "no" by default

Comment 1 Red Hat Bugzilla 2007-10-27 11:41:31 EDT
User nkwan@redhat.com's account has been closed
Comment 2 Jack Magne 2008-05-06 20:23:17 EDT
Created by Thomas, related to security officer enrollment, we should do it.
Comment 3 Jack Magne 2009-02-24 22:18:51 EST
The fix will be to change this setting to the desired default value.
Comment 4 Jack Magne 2009-02-26 22:12:58 EST
This can't be fixed now because of the following. 
ESC needs to know as soon as it starts whether or not is should suppress this password prompt. This is because this is done when ESC initialized NSS at the beginning of its operation. More thought will have to be given towards making this more dynamic. We could just default it to give the password prompt, but this could make using regular ESC annoying due to too many password prompts.
Comment 5 Jack Magne 2009-03-28 20:10:38 EDT
Since we now have a url preference for security officer mode, this particular pref will no longer be needed.
Comment 6 Jack Magne 2009-03-28 20:15:29 EDT
Changes to implement this feature.

Index: src/lib/coolkey/CoolKey.cpp
RCS file: /cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v
retrieving revision 1.8
diff -r1.8 CoolKey.cpp
>     char tBuff[56];
<     char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.disable.password.p
>     char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.security.url");
>     PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s CoolKeySetCallbacks: prompt %s \n",
 GetTStamp(tBuff,56), suppressPINPrompt));
<     if(suppressPINPrompt && !strcmp(suppressPINPrompt,"yes"))
>     if(!suppressPINPrompt)
Comment 7 Matthew Harmsen 2009-03-28 20:17:26 EDT
Comment #6 +mharmsen
Comment 8 Jack Magne 2009-03-28 20:24:50 EDT
$ cvs -d :ext:jmagne@cvs.fedora.redhat.com/cvs/dirsec commit -m "Fix for #23547
4, remove password prompt pref for Security Officer mode."
cvs commit: Examining .
cvs commit: Examining NssHttpClient
cvs commit: Examining coolkey
cvs commit: Examining notifytray
Checking in coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v  <--  CoolKey.cpp
new revision: 1.9; previous revision: 1.8
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 9 Scott Haines 2009-04-22 14:40:02 EDT
Changing product from Certificate System to Red Hat Enterprise 5.  Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.
Comment 10 Scott Haines 2009-04-22 14:41:42 EDT
Setting ack request.
Comment 11 Scott Haines 2009-04-22 15:01:28 EDT
Setting devel ack.
Comment 14 Asha Akkiangady 2009-07-24 14:54:43 EDT

Performed token enrollment tests using Gemalto 64K smart cards on Rhel 5.3 i386 and x86_64 with the pref("esc.disable.password.prompt","no");, Security officer enrollment/format, from security officer station user enrollment/format works fine.
coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)
Comment 16 errata-xmlrpc 2009-09-02 05:58:08 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.