On a couple of different occasions, users who have deployed Dogtag have overwritten the default value of "pki_token_name" with the value of "Internal" in their pkispawn configuration file.
The consequences of this action is that a password will be prompted for a token named "Internal" even though a password has been provided; the reason is that the soft token is named "internal" (the default value in /etc/pki/default.cfg), not "Internal".
While this could be documented as a common problem, alternatively, we could simply normalize the value of "pki_token_name" if and only if its value is "Internal". The only downside of such a choice would be that an "external" token such as an HSM could not be called "Internal".
Another option is to change the default value of pki_token_name to blank, so anything other than blank will be considered "external" token and does not require normalization.
Per CS/DS Meeting of 05/23/2016: 10.3.3 -minor
Per PKI Bug Council of 06/23/2016: 10.3.4
attachment 20160624-Normalize-default-softokn-name.patch
Checked into 'master':
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: 10.3.4
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2431
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.