Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 235474 - Default esc.disable.password.prompt to no for secmode
Summary: Default esc.disable.password.prompt to no for secmode
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc
Version: 5.4
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Jack Magne
QA Contact:
Depends On:
Blocks: 443788 497004
TreeView+ depends on / blocked
Reported: 2007-04-06 00:05 UTC by Bob Lord
Modified: 2009-09-02 09:58 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-02 09:58:08 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1310 normal SHIPPED_LIVE esc bug fix update 2009-09-01 10:21:48 UTC

Description Thomas Kwan 2007-04-06 00:05:45 UTC
If secmode is used, I want to ESC to set the following preference to "no" by default


Comment 1 Red Hat Bugzilla 2007-10-27 15:41:31 UTC
User's account has been closed

Comment 2 Jack Magne 2008-05-07 00:23:17 UTC
Created by Thomas, related to security officer enrollment, we should do it.

Comment 3 Jack Magne 2009-02-25 03:18:51 UTC
The fix will be to change this setting to the desired default value.

Comment 4 Jack Magne 2009-02-27 03:12:58 UTC
This can't be fixed now because of the following. 
ESC needs to know as soon as it starts whether or not is should suppress this password prompt. This is because this is done when ESC initialized NSS at the beginning of its operation. More thought will have to be given towards making this more dynamic. We could just default it to give the password prompt, but this could make using regular ESC annoying due to too many password prompts.

Comment 5 Jack Magne 2009-03-29 00:10:38 UTC
Since we now have a url preference for security officer mode, this particular pref will no longer be needed.

Comment 6 Jack Magne 2009-03-29 00:15:29 UTC
Changes to implement this feature.

Index: src/lib/coolkey/CoolKey.cpp
RCS file: /cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v
retrieving revision 1.8
diff -r1.8 CoolKey.cpp
>     char tBuff[56];
<     char * suppressPINPrompt =(char*) CoolKeyGetConfig("esc.disable.password.p
>     char * suppressPINPrompt =(char*) CoolKeyGetConfig("");
>     PR_LOG( coolKeyLog, PR_LOG_DEBUG, ("%s CoolKeySetCallbacks: prompt %s \n",
 GetTStamp(tBuff,56), suppressPINPrompt));
<     if(suppressPINPrompt && !strcmp(suppressPINPrompt,"yes"))
>     if(!suppressPINPrompt)

Comment 7 Matthew Harmsen 2009-03-29 00:17:26 UTC
Comment #6 +mharmsen

Comment 8 Jack Magne 2009-03-29 00:24:50 UTC
$ cvs -d commit -m "Fix for #23547
4, remove password prompt pref for Security Officer mode."
cvs commit: Examining .
cvs commit: Examining NssHttpClient
cvs commit: Examining coolkey
cvs commit: Examining notifytray
Checking in coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v  <--  CoolKey.cpp
new revision: 1.9; previous revision: 1.8
Running syncmail...
...syncmail done.
Running syncmail...
...syncmail done.

Comment 9 Scott Haines 2009-04-22 18:40:02 UTC
Changing product from Certificate System to Red Hat Enterprise 5.  Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.

Comment 10 Scott Haines 2009-04-22 18:41:42 UTC
Setting ack request.

Comment 11 Scott Haines 2009-04-22 19:01:28 UTC
Setting devel ack.

Comment 14 Asha Akkiangady 2009-07-24 18:54:43 UTC

Performed token enrollment tests using Gemalto 64K smart cards on Rhel 5.3 i386 and x86_64 with the pref("esc.disable.password.prompt","no");, Security officer enrollment/format, from security officer station user enrollment/format works fine.
coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)

Comment 16 errata-xmlrpc 2009-09-02 09:58:08 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.