[Pki-users] Security Officer Mode enabling - where does the ldap auth come from?

Fabian Bertholm fabeisageek at googlemail.com
Thu Feb 17 10:10:45 UTC 2011


Hi,

I'm a little bit stuck on enabling the Security Officer Mode. I'm
following the guide at:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/Using_the_Enterprise_Security_Client-Security_Officer_Mode.html#enabling-secmod

When formatting the blank token, my TPS likes to have authentication by
default on soKey format operations. This does not work; the
tps-debug.log says RA_Processor::RequestExtendedLogin - No Extended
Login Response Msg Received and aborts. I wonder where the login data
should come from, as the ESC is not prompting for an LDAP user/pw in
this case.
Btw, I did not use the absolute path
/var/lib/pki-tps/cgi-bin/so/index.cgi as stated in the guide but the http
URL, as this made more sense to me.

When disabling the authentication for soKey format within the CS.cfg,
the formatting runs through until the error:

RA:tdb_update - failed to add tokendb entry
RA_Format_Processor::Process - Failed to update the token database

I sniffed with Wireshark and I can see that the LDAP addRequest to the
tokendb is failing with a syntax error: tokenUserID: value #0 invalid
per syntax. And indeed it is missing in the addRequest. I think this
is because the auth is disabled and now there is no UserID.

How to continue?

Best regards,
fabe



