Red Hat Bugzilla – Bug 236268
ESC: get rid of the -secmode option
Last modified: 2015-01-04 18:26:00 EST
ESC: security officer mode.
ESC currently has a command line option to get into this funky
security officer mode.
This doesn't sound good to me.
A security officer token should be made special. It should have a
specific phone home URL burned in, so that the moment they insert
this token, ESC should go directly to this Security officer page.
Security Officers shouldn't be required to launch ESC in a separate
And of course, this security officer mode currently doesn't work
on Mac. So, another reason to get rid of this command line option.
Per rhcs meeting on 04/16, we can target this post 7.3.
Let's discuss this one for 8.0.
Here is how this will work for now:
1. No more command line switch.
2. Add a parameter to the esc/defaults/preferences/esc-prefs.js
Below are two examples that allow ESC to use either the Security Officer Enrollment UI or the Security Officer Workstation UI.
> #Sample Security Officer Enrollment UI
> #Sample Security Officer Workstation UI
3. Start esc.
4. When the user clicks on the tray icon or calls up esc from the command line, esc will now pop up the security UI as requested by the parameter.
5. When the parameter is missing, ESC operates as usual.
6. The parameter "esc.disable.password.prompt" must still be set to "no" for this to work properly.
Created attachment 333432
Patch to allow security officer mode to not need a command line switch.
attachment (id=333432) +mharmsen
change line 34 from:
Checking in esc/chrome/content/esc/ESC.js;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v <-- ESC.js
new revision: 1.21; previous revision: 1.20
Checking in esc/components/escCLH.js;
/cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v <-- escCLH.js
new revision: 1.4; previous revision: 1.3
Checking in esc/defaults/preferences/esc-prefs.js;
/cvs/dirsec/esc/src/app/xul/esc/defaults/preferences/esc-prefs.js,v <-- esc-pr
new revision: 1.6; previous revision: 1.5
Changing product from Certificate System to Red Hat Enterprise 5. Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.
Setting ack requests.
Setting devel ack.
Tested token enrollment using Gemalto 64K smart cards on Rhel 5.3 i386
and x86_64 with pref("esc.disable.password.prompt","no"), Security officer
enrollment/format, from security officer station user enrollment/format works
coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.