[17183] in Athena Bugs
Re: Vanishing certificates
daemon@ATHENA.MIT.EDU (t. belton)
Thu Sep 16 11:28:40 1999
Date: Thu, 16 Sep 1999 11:28:25 -0400 (EDT)
From: "t. belton" <tbelton@MIT.EDU>
To: John Hawkinson <jhawk@MIT.EDU>
Cc: web-agents@MIT.EDU, bugs@MIT.EDU
In-Reply-To: <199909152124.RAA224681@oliver.mit.edu>
Message-Id: <Pine.GSO.3.96L.990916112146.27363D-100000@iphigenia.mit.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I didn't add bugs because this wasn't a bug report per se, but a request
for "case studies." The other groups, such as the e-res people, were there
because they were the people who originally reported the problem to me,
and are the ones for whom it is of most immediate concern.
You're the second person to note this business of corrupted certificates -
and it's good to know - but as I told aurora, I don't believe the e-res
users EVER had any certs before their sessions; ergo, there was no
cert5.db or cert7.db file to corrupt.
Plus, they're getting two or three of these per training session. That
seems like bad odds.
I will have an opportunity this afternoon to see this problem being
reproduced, I hope. They have a user who can make it happen reliably, and
with any luck I'll get to watch.
-Todd
On Wed, 15 Sep 1999, John Hawkinson wrote:
> [ You seem to have omitted bugs@mit.edu from the cc list, though
> arguably it is the most appropriate place. I've added it in and
> pruned things down. ]
>
> >In circumstances we are not sure of yet, user certificates *disappear.* Or
> >maybe they weren't there in the first place. The user applies for the MIT
> >certificate in the usual way, and the process appears successful ... but
> >when they try to use it, they find that the cert apparently was not
> >installed. The site they're trying to go to says "You don't have a cert,"
> >and the Security panel doesn't list it.
>
> I believe this is in fact a well-known problem, but it can be described
> differently.
>
> Sometimes, Netscape's certificate database files get corrupt.
> When this happens, Netscape is unable to save certs to disk. Netscape
> fails silently in this condition.
>
> As a result, users find they can get certs and use them for the life of
> the session, but upon logging out and logging back in, they are not present.
>
> Sometimes this has been misdiagnosed as certs only working on a particular
> workstation, if that helps at all.
>
> Running "clear-netscape-passwd", of course, fixes this.
