Bug 728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd
Summary: pkiremove parses password.conf incorrectly for unconfigured java subsystems, ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Installer (pkicreate/pkiremove)
Version: 9.0
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 445047
TreeView+ depends on / blocked
 
Reported: 2011-08-04 20:58 UTC by Ade Lee
Modified: 2015-01-06 01:17 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-04 20:02:53 UTC


Attachments (Terms of Use)
patch to fix (823 bytes, patch)
2011-08-04 21:06 UTC, Ade Lee
mharmsen: review+
Details | Diff

Description Ade Lee 2011-08-04 20:58:55 UTC
Description of problem:

This is a result of a recent change to allow pkiremove to accept a token / token pwd when contacting the security domain to remove the security domain entry.

The problem is that pkiremove parses as "internal=foo", which is what the password.conf file looks like after configuration has taken place.  Before then, though, the password.conf file looks like internal:foo

The simple fix is to make pkicreate create the password.conf file using internal=foo for all Java subsystems.
 
Version-Release number of selected component (if applicable):


How reproducible:
1. pkicreate an instance
2. pkiremove the instance -- you will be prompted for the internal password even though password.conf is not there.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Ade Lee 2011-08-04 21:06:31 UTC
Created attachment 516790 [details]
patch to fix

Comment 2 Ade Lee 2011-08-09 18:08:15 UTC
8.1:

[vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd" 
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2130.

8.2+:

[vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #728377 - pkiremove parses password.conf incorrectly for unconfigured java subsystems, causing prompt for token pwd"
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2131.

Comment 5 Kaleem 2011-08-16 07:15:43 UTC
Verified.

RHEL Version:
Red Hat Enterprise Linux Server release 5.6 (Tikanga)

RHCS Version:
pki-setup-8.1.0-4.el5pki

Steps used to verify:
(1)pkicreate any Java subsystem 
(2)grep password.conf that internal password is written like "internal=*"
instead of "internal:*" before configuration
(3)pkiremove instance created in step (1)

Result:

    'pki-ca' must still be CONFIGURED!
    (see /var/log/pki-ca-install.log)

Before proceeding with the configuration, make sure 
the firewall settings of this machine permit proper 
access to this subsystem. 

Please start the configuration by accessing:

https://cs81box.pnq.redhat.com:9445/ca/admin/console/config/login?pin=NYEwmHnoPMJsJdOTvr8a

After configuration, the server can be operated by the command:

    /sbin/service pki-ca start | stop | restart

[root@cs81box ~]# cat /var/lib/pki-ca/conf/password.conf 
internal=344222854167

Now for Java subsystem , internal password is written like "internal=
*" before configuration and pkiremove does not asks for token pwd for
unconfigured java subsystem.

For RA and TPS subsystem, internal password is written like "internal:
*" before configuration.


Note You need to log in before you can comment on or make changes to this bug.