Bug 916608 - ssh-keygen: new -n option in RHEL7 is conflicting with -n downstream option from previous RHELs
Summary: ssh-keygen: new -n option in RHEL7 is conflicting with -n downstream option f...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssh
Version: 7.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: beta
: ---
Assignee: Petr Lautrbach
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-02-28 13:19 UTC by Miroslav Vadkerti
Modified: 2013-03-04 08:59 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-01 09:14:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Miroslav Vadkerti 2013-02-28 13:19:14 UTC 
Description of problem:
In RHEL7 a new -n option had been added:
   -n name,... User/host principal names to include in certificate

In previous RHELs we had a downstream patch that made it possible to use NSS db for storing the public keys:
   -n      Extract the public key from smartcard.

Also the whole NSS patch is missing

Version-Release number of selected component (if applicable):
openssh-6.1p1-4.el7

How reproducible:
100%

Steps to Reproduce:
1. man openssh
2. try to use ssh-keygen with -n
3. try to use UseNSS with sshd
  
Actual results:
Conflict and no NSS patch applied

Expected results:
Well, I do not know? What does the developer think?

Additional info:
Comment 1 Petr Lautrbach 2013-03-01 09:14:19 UTC 
There is no NSS support in the openssh-6.1p1-4.el7, It's not needed anymore since there is a direct smartcards support using PKCS#11 library in openssh, ssh-keygen -D, ssh -I and others
Comment 2 Miroslav Vadkerti 2013-03-04 08:59:51 UTC 
Ok thanks, I will try to update the test to cover the direct support.
Note You need to log in before you can comment on or make changes to this bug.