Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-8.5.0
Component/s: sssd
Labels:
- MigratedToJIRA
- SSSD-Jira

Regression:
None
Severity:
Moderate

Pool Team:

rhel-sst-idm-sssd
Sub-System Group:

ssg_idm

Story Points:
0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2053153

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

p11_child currently has an infinite timeout which is causing OCSP requests to fail on semi-disconnected systems with multi certificates, such as a CAC.

Version-Release number of selected component (if applicable):

OS: Red Hat Enterprise Linux release 8.5 (Ootpa)
SSSD: sssd-2.5.2-2.el8_5.3.x86_64
p11-kit: p11-kit-0.23.22-1.el8.x86_64

How reproducible:

Consistently.

Steps to Reproduce:
1. Prepare system for smart card login with a CAC.
2. Disconnect from the network
3. Attempt to login.

Actual results:

The certificate menu is presented even though the cert is specified, and login fails after PIN entry.

Expected results:

The system skips the OCSP check (if configured) due to connection timeout and proceeds onward.

external trackers

Red Hat Customer Portal 03110475

Red Hat Issue Tracker RHELPLAN-111914

Red Hat Issue Tracker SSSD-4324

links to

Similar upstream issue

Assignee:: SSSD Maintainers

Reporter:: Chance Callahan

Developer:: SSSD Maintainers

QA Contact:: SSSD QE

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2023/09/18 11:48 PM

Updated:: 2024/09/27 9:04 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates