Red Hat Bugzilla – Bug 235474
Default esc.disable.password.prompt to no for secmode
Last modified: 2009-09-02 05:58:08 EDT
If secmode is used, I want to ESC to set the following preference to "no" by default
User firstname.lastname@example.org's account has been closed
Created by Thomas, related to security officer enrollment, we should do it.
The fix will be to change this setting to the desired default value.
This can't be fixed now because of the following.
ESC needs to know as soon as it starts whether or not is should suppress this password prompt. This is because this is done when ESC initialized NSS at the beginning of its operation. More thought will have to be given towards making this more dynamic. We could just default it to give the password prompt, but this could make using regular ESC annoying due to too many password prompts.
Since we now have a url preference for security officer mode, this particular pref will no longer be needed.
Changes to implement this feature.
RCS file: /cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v
retrieving revision 1.8
diff -r1.8 CoolKey.cpp
> char tBuff;
< char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.disable.password.p
> char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.security.url");
> PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s CoolKeySetCallbacks: prompt %s \n",
< if(suppressPINPrompt && !strcmp(suppressPINPrompt,"yes"))
Comment #6 +mharmsen
$ cvs -d :ext:email@example.com/cvs/dirsec commit -m "Fix for #23547
4, remove password prompt pref for Security Officer mode."
cvs commit: Examining .
cvs commit: Examining NssHttpClient
cvs commit: Examining coolkey
cvs commit: Examining notifytray
Checking in coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v <-- CoolKey.cpp
new revision: 1.9; previous revision: 1.8
Changing product from Certificate System to Red Hat Enterprise 5. Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.
Setting ack request.
Setting devel ack.
Performed token enrollment tests using Gemalto 64K smart cards on Rhel 5.3 i386 and x86_64 with the pref("esc.disable.password.prompt","no");, Security officer enrollment/format, from security officer station user enrollment/format works fine.
coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.