[17182] in Athena Bugs
Re: Vanishing certificates
daemon@ATHENA.MIT.EDU (John Hawkinson)
Wed Sep 15 17:24:38 1999
Message-Id: <199909152124.RAA224681@oliver.mit.edu>
To: "t. belton" <tbelton@MIT.EDU>
Cc: web-agents@MIT.EDU, bugs@MIT.EDU
In-Reply-To: Your message of "Wed, 15 Sep 1999 15:43:37 EDT."
<Pine.GSO.3.96L.990915153207.13122A-100000@iphigenia.mit.edu>
Date: Wed, 15 Sep 1999 17:24:21 -0400
From: John Hawkinson <jhawk@MIT.EDU>
[ You seem to have omitted bugs@mit.edu from the cc list, though
arguably it is the most appropriate place. I've added it in and
pruned things down. ]
>In circumstances we are not sure of yet, user certificates *disappear.* Or
>maybe they weren't there in the first place. The user applies for the MIT
>certificate in the usual way, and the process appears successful ... but
>when they try to use it, they find that the cert apparently was not
>installed. The site they're trying to go to says "You don't have a cert,"
>and the Security panel doesn't list it.
I believe this is in fact a well-known problem, but it can be described
differently.
Sometimes, Netscape's certificate database files get corrupt.
When this happens, Netscape is unable to save certs to disk. Netscape
fails silently in this condition.
As a result, users find they can get certs and use them for the life of
the session, but upon logging out and logging back in, they are not present.
Sometimes this has been misdiagnosed as certs only working on a particular
workstation, if that helps at all.
Running "clear-netscape-passwd", of course, fixes this.
I suppose you could certainly claim I had been remiss in reporting
this sort of bug. I have received the general impression that it is
not worth reporting "well-known" netscape bugs because, even should
netscape fix them if we reported them to them, we don't bother to
report them to netscape.
Fundamentally, I think we should explore a commercial support relationship
with Netscape given the dominance it has in our environment, but I suppose
that is truly irrelevent to this discussion.
--jhawk
