Bug 236268 - ESC: get rid of the -secmode option
ESC: get rid of the -secmode option
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Jack Magne
Depends On:
Blocks: 443788 497004
  Show dependency treegraph
Reported: 2007-04-12 15:27 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:26 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 05:58:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to allow security officer mode to not need a command line switch. (3.13 KB, patch)
2009-02-26 22:05 EST, Jack Magne
no flags Details | Diff

  None (edit)
Description Chandrasekar Kannan 2007-04-12 15:27:32 EDT
ESC: security officer mode.

ESC currently has a command line option to get into this funky 
security officer mode.

This doesn't sound good to me.

A security officer token should be made special. It should have a 
specific phone home URL burned in. So that the moment they insert
this token, ESC should go directly to this Security officer page.

Security Officers shouldn't be required to launch ESC in a separate

And of course, this security officer mode currently doesn't work
in MAC. So, another reason, to get rid of this command line option.
Comment 1 Chandrasekar Kannan 2007-04-16 14:09:33 EDT
per rhcs meeting on 04/16, we can target this post 7.3
Comment 2 Jack Magne 2008-05-06 20:25:18 EDT
Let's discuss this one for 8.0.
Comment 3 Jack Magne 2009-02-26 22:04:19 EST
Here is how this will work for now:

1. No more command line switch.

2. Add a parameter to the esc/defaults/preferences/esc-prefs.js


Below are two examples that allow ESC to use either the Security Officer Enrollment UI or the Security Officer Workstation UI.

> #Sample Security Officer Enrollment UI
> #pref("esc.security.url","http://test.host.com:7888/cgi-bin/so/enroll.cgi");
> #Sample Security Officer Workstation UI
> #pref("esc.security.url","https://test.host.com:7889/cgi-bin/sow/welcome.cgi")

3. Start esc.

4. When the user clicks on the tray icon or calls up esc from the command line, esc will now pop up the security UI as requested by the parameter.

5. When the parameter is missing, ESC operates as usual.

6. The parameter "esc.disable.password.prompt" must still be set to "no" for this work properly.
Comment 4 Jack Magne 2009-02-26 22:05:28 EST
Created attachment 333432 [details]
Patch to allow security officer mode to not need a command line switch.
Comment 5 Matthew Harmsen 2009-02-26 22:28:46 EST
attachment (id=333432) +mharmsen
change line 34 from:   	



Comment 6 Jack Magne 2009-02-26 22:33:27 EST
Checking in esc/chrome/content/esc/ESC.js;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v  <--  ESC.js
new revision: 1.21; previous revision: 1.20
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in esc/components/escCLH.js;
/cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v  <--  escCLH.js
new revision: 1.4; previous revision: 1.3
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in esc/defaults/preferences/esc-prefs.js;
/cvs/dirsec/esc/src/app/xul/esc/defaults/preferences/esc-prefs.js,v  <--  esc-pr
new revision: 1.6; previous revision: 1.5
Comment 7 Scott Haines 2009-04-22 14:42:33 EDT
Changing product from Certificate System to Red Hat Enterprise 5.  Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.
Comment 8 Scott Haines 2009-04-22 14:43:15 EDT
Setting ack requests.
Comment 9 Scott Haines 2009-04-22 15:01:11 EDT
Setting devel ack.
Comment 12 Asha Akkiangady 2009-07-24 15:06:10 EDT

Tested token enrollment using Gemalto 64K smart cards on Rhel 5.3 i386
and x86_64 with pref("esc.disable.password.prompt","no"), Security officer
enrollment/format, from security officer station user enrollment/format works

coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)
Comment 14 errata-xmlrpc 2009-09-02 05:58:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.