If secmode is used, I want to ESC to set the following preference to "no" by default pref("esc.disable.password.prompt","no");
User nkwan's account has been closed
Created by Thomas, related to security officer enrollment, we should do it.
The fix will be to change this setting to the desired default value.
This can't be fixed now because of the following. ESC needs to know as soon as it starts whether or not is should suppress this password prompt. This is because this is done when ESC initialized NSS at the beginning of its operation. More thought will have to be given towards making this more dynamic. We could just default it to give the password prompt, but this could make using regular ESC annoying due to too many password prompts.
Since we now have a url preference for security officer mode, this particular pref will no longer be needed.
Changes to implement this feature. Index: src/lib/coolkey/CoolKey.cpp =================================================================== RCS file: /cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v retrieving revision 1.8 diff -r1.8 CoolKey.cpp 268a269 > char tBuff[56]; 275c276,278 < char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.disable.password.p rompt"); --- > char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.security.url"); > > PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s CoolKeySetCallbacks: prompt %s \n", GetTStamp(tBuff,56), suppressPINPrompt)); 277c280 < if(suppressPINPrompt && !strcmp(suppressPINPrompt,"yes")) --- > if(!suppressPINPrompt)
Comment #6 +mharmsen
$ cvs -d :ext:jmagne.redhat.com/cvs/dirsec commit -m "Fix for #23547 4, remove password prompt pref for Security Officer mode." cvs commit: Examining . cvs commit: Examining NssHttpClient cvs commit: Examining coolkey cvs commit: Examining notifytray Checking in coolkey/CoolKey.cpp; /cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v <-- CoolKey.cpp new revision: 1.9; previous revision: 1.8 done Running syncmail... Mailing relnotes... ...syncmail done. Running syncmail... Mailing cvsdirsec... ...syncmail done.
Changing product from Certificate System to Red Hat Enterprise 5. Rebase of ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.
Setting ack request.
Setting devel ack.
Verified. Performed token enrollment tests using Gemalto 64K smart cards on Rhel 5.3 i386 and x86_64 with the pref("esc.disable.password.prompt","no");, Security officer enrollment/format, from security officer station user enrollment/format works fine. coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS) esc version: esc-1.1.0-9.el5 (cs 8.0 build)
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1310.html