Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 236268 - ESC: get rid of the -secmode option
Summary: ESC: get rid of the -secmode option
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc
Version: 5.4
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Jack Magne
QA Contact: desktop-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 443788 497004
TreeView+ depends on / blocked
 
Reported: 2007-04-12 19:27 UTC by Chandrasekar Kannan
Modified: 2015-01-04 23:26 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 09:58:12 UTC


Attachments (Terms of Use)
Patch to allow security officer mode to not need a command line switch. (deleted)
2009-02-27 03:05 UTC, Jack Magne
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1310 normal SHIPPED_LIVE esc bug fix update 2009-09-01 10:21:48 UTC

Description Chandrasekar Kannan 2007-04-12 19:27:32 UTC
ESC: security officer mode.

ESC currently has a command line option to get into this funky 
security officer mode.

This doesn't sound good to me.

A security officer token should be made special. It should have a 
specific phone home URL burned in. So that the moment they insert
this token, ESC should go directly to this Security officer page.

Security Officers shouldn't be required to launch ESC in a separate
way. 

And of course, this security officer mode currently doesn't work
in MAC. So, another reason, to get rid of this command line option.

Comment 1 Chandrasekar Kannan 2007-04-16 18:09:33 UTC
per rhcs meeting on 04/16, we can target this post 7.3

Comment 2 Jack Magne 2008-05-07 00:25:18 UTC
Let's discuss this one for 8.0.

Comment 3 Jack Magne 2009-02-27 03:04:19 UTC
Here is how this will work for now:

1. No more command line switch.

2. Add a parameter to the esc/defaults/preferences/esc-prefs.js

esc.security.url

Below are two examples that allow ESC to use either the Security Officer Enrollment UI or the Security Officer Workstation UI.



> #Sample Security Officer Enrollment UI
>
> #pref("esc.security.url","http://test.host.com:7888/cgi-bin/so/enroll.cgi");
>
> #Sample Security Officer Workstation UI
>
> #pref("esc.security.url","https://test.host.com:7889/cgi-bin/sow/welcome.cgi")

3. Start esc.

4. When the user clicks on the tray icon or calls up esc from the command line, esc will now pop up the security UI as requested by the parameter.

5. When the parameter is missing, ESC operates as usual.

6. The parameter "esc.disable.password.prompt" must still be set to "no" for this work properly.

Comment 4 Jack Magne 2009-02-27 03:05:28 UTC
Created attachment 333432 [details]
Patch to allow security officer mode to not need a command line switch.

Comment 5 Matthew Harmsen 2009-02-27 03:28:46 UTC
attachment (id=333432) +mharmsen
esc/components/escCLH.js:
change line 34 from:   	

       pref("esc.disable.password.prompt","no");

to:

       pref("esc.disable.password.prompt","yes");

Comment 6 Jack Magne 2009-02-27 03:33:27 UTC
Checking in esc/chrome/content/esc/ESC.js;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v  <--  ESC.js
new revision: 1.21; previous revision: 1.20
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in esc/components/escCLH.js;
/cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v  <--  escCLH.js
new revision: 1.4; previous revision: 1.3
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in esc/defaults/preferences/esc-prefs.js;
/cvs/dirsec/esc/src/app/xul/esc/defaults/preferences/esc-prefs.js,v  <--  esc-pr
efs.js
new revision: 1.6; previous revision: 1.5
done

Comment 7 Scott Haines 2009-04-22 18:42:33 UTC
Changing product from Certificate System to Red Hat Enterprise 5.  Rebase of
ESC to version 1.1.0 to pick up present and future Certificate System v8 fixes.

Comment 8 Scott Haines 2009-04-22 18:43:15 UTC
Setting ack requests.

Comment 9 Scott Haines 2009-04-22 19:01:11 UTC
Setting devel ack.

Comment 12 Asha Akkiangady 2009-07-24 19:06:10 UTC
Verified.

Tested token enrollment using Gemalto 64K smart cards on Rhel 5.3 i386
and x86_64 with pref("esc.disable.password.prompt","no"), Security officer
enrollment/format, from security officer station user enrollment/format works
fine.

coolkey version: coolkey-1.1.0-6.el5 (latest from RHEL5.3 BaseOS)
esc version: esc-1.1.0-9.el5 (cs 8.0 build)

Comment 14 errata-xmlrpc 2009-09-02 09:58:12 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1310.html


Note You need to log in before you can comment on or make changes to this bug.