728377 – pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd

Bug 728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd

Summary: pkiremove parses password.conf incorrectly for unconfigured java subsystems, ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	Installer (pkicreate/pkiremove)
Sub Component:
Version:	9.0
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Ade Lee
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	445047
TreeView+	depends on / blocked

Reported:	2011-08-04 20:58 UTC by Ade Lee
Modified:	2015-01-06 01:17 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-06-04 20:02:53 UTC
Embargoed:

Attachments	(Terms of Use)
patch to fix (823 bytes, patch) 2011-08-04 21:06 UTC, Ade Lee	mharmsen: review+	Details \| Diff
View All

Description Ade Lee 2011-08-04 20:58:55 UTC

Description of problem:

This is a result of a recent change to allow pkiremove to accept a token / token pwd when contacting the security domain to remove the security domain entry.

The problem is that pkiremove parses as "internal=foo", which is what the password.conf file looks like after configuration has taken place.  Before then, though, the password.conf file looks like internal:foo

The simple fix is to make pkicreate create the password.conf file using internal=foo for all Java subsystems.
 
Version-Release number of selected component (if applicable):


How reproducible:
1. pkicreate an instance
2. pkiremove the instance -- you will be prompted for the internal password even though password.conf is not there.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Ade Lee 2011-08-04 21:06:31 UTC

Created attachment 516790 [details]
patch to fix

Comment 2 Ade Lee 2011-08-09 18:08:15 UTC

8.1:

[vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd" 
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2130.

8.2+:

[vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd"
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2131.

Comment 5 Kaleem 2011-08-16 07:15:43 UTC

Verified.

RHEL Version:
Red Hat Enterprise Linux Server release 5.6 (Tikanga)

RHCS Version:
pki-setup-8.1.0-4.el5pki

Steps used to verify:
(1)pkicreate any Java subsystem 
(2)grep password.conf that internal password is written like "internal=*"
instead of "internal:*" before configuration
(3)pkiremove instance created in step (1)

Result:

    'pki-ca' must still be CONFIGURED!
    (see /var/log/pki-ca-install.log)

Before proceeding with the configuration, make sure 
the firewall settings of this machine permit proper 
access to this subsystem. 

Please start the configuration by accessing:

https://cs81box.pnq.redhat.com:9445/ca/admin/console/config/login?pin=NYEwmHnoPMJsJdOTvr8a

After configuration, the server can be operated by the command:

    /sbin/service pki-ca start | stop | restart

[root@cs81box ~]# cat /var/lib/pki-ca/conf/password.conf 
internal=344222854167

Now for Java subsystem , internal password is written like "internal=
*" before configuration and pkiremove does not asks for token pwd for
unconfigured java subsystem.

For RA and TPS subsystem, internal password is written like "internal:
*" before configuration.

Note You need to log in before you can comment on or make changes to this bug.