|Summary:||SECMOD_WaitForAnyTokenEvent returns spurious error once at start up|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Ray Strode [halfline] <rstrode>|
|Component:||nss||Assignee:||Elio Maldonado Batiz <emaldona>|
|Status:||CLOSED NOTABUG||QA Contact:||BaseOS QE Security Team <qe-baseos-security>|
|Version:||7.0||CC:||eparis, martinsson.patrik, rrelyea|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2014-03-06 22:40:59 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Ray Strode [halfline] 2014-02-05 16:11:04 UTC
A RHEL customer is currently trying out the RHEL 7 beta and hitting an issue with his smartcard setup. If the card is inserted at login time SECMOD_WaitForAnyTokenEvent returns SEC_ERROR_PKCS12_UNABLE_TO_READ one time. Calling it again, makes it properly block for insertion and removal events. in RHEL6, gnome would retry on error. in rhel7 it doesn't (see bug 1061785 ). Is this a driver issue? it's a NetId card which uses the libiidp11.so pkcs11 driver. Is it something we can work around in NSS, so there isn't the spurious error message?
Comment 3 Bob Relyea 2014-02-19 00:03:08 UTC
It most likely is. SECMOD_WaitForAnyTokenEvent() depends on the modules C_WaitForSlotEvent() at the PKCS #11 layer. The NSS work around would be the same as the application work around (retry once). bob
Comment 4 Eric Paris 2014-03-06 22:40:59 UTC
Bob is saying that the pkcs#11 module is the problem. not gnome. not nss. There is no good way to fix this in software. We are going to close this bug as NOTABUG.
Comment 5 Ray Strode [halfline] 2014-03-07 15:09:52 UTC
that's fine. I already put a workaround in on the gnome side, so that should be good enough.