Bug 523568 - rhcs80 esc - cannot enroll on some passwords when using SSHA password storage scheme
Summary: rhcs80 esc - cannot enroll on some passwords when using SSHA password storag...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc
Version: 5.5
Hardware: All
OS: Linux
urgent
medium
Target Milestone: ---
: ---
Assignee: Jack Magne
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 445047 512842 549540 556639
TreeView+ depends on / blocked
 
Reported: 2009-09-16 01:33 UTC by Marc Sauton
Modified: 2018-10-27 16:04 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 549540 (view as bug list)
Environment:
Last Closed: 2009-12-22 00:03:09 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1687 normal SHIPPED_LIVE esc bug fix update 2009-12-22 00:03:07 UTC

Comment 19 Asha Akkiangady 2009-12-09 16:37:15 UTC
Enrollment/format/pin reset ESC operations on windows vista and XP 32 and 64 bit is successful when password string combination of {a-z} {A-Z} {0-9} {~!@#$%^&*()_+?[];} with SSHA password scheme. There is a caveat using ! character in the password. 

Deon, please document this:

ESC exhibits a different behaviour for character ! compared to $ in the password.
  
For password that has a character "$" :
 - creating a pwdhash with "$" (no escape) succeeds and entering
password with $ in ESC client - authentication fails.
 - creating a pwdhash with "\$" (with escape) succeeds and entering 
password with $ in esc client  - authentication works fine.

When a password has character "!":
 - creating a pwdhash fails with error 'bash event ! not found' .
 - creating a pwdhash with "\!" (with escape) succeeds and entering 
password with ! in esc client  - authentication fails.
 - creating a pwdhash with "\!" (with escape) succeeds and entering 
password with \! in esc client  - authentication works fine.

Comment 21 Deon Ballard 2009-12-10 18:54:23 UTC
Even though this bug is fixed, I added this to the "known issues" section of the release notes, since if anyone encounters it on Windows, they may check there first. It's the last one in the table:
http://elladeon.fedorapeople.org/cs/relnotes/Release_Notes-Known_Issues-new.html

There are two places in the ESC guide that mention LDAP authentication, once for formatting user cards and once for formatting sec officer cards:

    * http://elladeon.fedorapeople.org/cs/esc/Using_the_Enterprise_Security_Client-Smart_Card_Auto_Enrollment.html
    * http://elladeon.fedorapeople.org/cs/esc/secmod-new.html

Those two have the same note as the release notes.

Comment 22 Asha Akkiangady 2009-12-10 22:32:28 UTC
Verified that the bug is fixed and the doc edits for release notes and esc sections looks good.

Comment 28 errata-xmlrpc 2009-12-22 00:03:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1687.html


Note You need to log in before you can comment on or make changes to this bug.