Description of problem: This is a result of a recent change to allow pkiremove to accept a token / token pwd when contacting the security domain to remove the security domain entry. The problem is that pkiremove parses as "internal=foo", which is what the password.conf file looks like after configuration has taken place. Before then, though, the password.conf file looks like internal:foo The simple fix is to make pkicreate create the password.conf file using internal=foo for all Java subsystems. Version-Release number of selected component (if applicable): How reproducible: 1. pkicreate an instance 2. pkiremove the instance -- you will be prompted for the internal password even though password.conf is not there. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 516790 [details] patch to fix
8.1: [vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd" Sending base/setup/pkicreate Transmitting file data . Committed revision 2130. 8.2+: [vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd" Sending base/setup/pkicreate Transmitting file data . Committed revision 2131.
Verified. RHEL Version: Red Hat Enterprise Linux Server release 5.6 (Tikanga) RHCS Version: pki-setup-8.1.0-4.el5pki Steps used to verify: (1)pkicreate any Java subsystem (2)grep password.conf that internal password is written like "internal=*" instead of "internal:*" before configuration (3)pkiremove instance created in step (1) Result: 'pki-ca' must still be CONFIGURED! (see /var/log/pki-ca-install.log) Before proceeding with the configuration, make sure the firewall settings of this machine permit proper access to this subsystem. Please start the configuration by accessing: https://cs81box.pnq.redhat.com:9445/ca/admin/console/config/login?pin=NYEwmHnoPMJsJdOTvr8a After configuration, the server can be operated by the command: /sbin/service pki-ca start | stop | restart [root@cs81box ~]# cat /var/lib/pki-ca/conf/password.conf internal=344222854167 Now for Java subsystem , internal password is written like "internal= *" before configuration and pkiremove does not asks for token pwd for unconfigured java subsystem. For RA and TPS subsystem, internal password is written like "internal: *" before configuration.