8021x: request PINs for PKCS#11 certs unless explicitly not-required (!965) · Merge requests · NetworkManager / NetworkManager

Beniamino Galvani requested to merge bg/pkcs11-pin-rh1992829 into main Aug 19, 2021

Commit df0dc912 ('8021x: don't request secrets if they are empty and system owned') changed the setting so that NM doesn't request the PIN for PKCS#11 certificates and keys when the password property has NM_SETTING_SECRET_FLAG_NONE. From the commit message:

Empty secrets are fine. In particular, for PKCS#11 it means that
protected authentication path is used (the secrets are obtained
on-demand from the pinpad).

This change breaks the scenario in which PINs are stored in the connection, as the setting indicates that no secrets are required, and thus PINs are not sent to the supplicant.

If the PIN is entered through a pinpad, users should set the secret flags as 'not-required'.

This reverts commit df0dc912 ('8021x: don't request secrets if they are empty and system owned').

https://bugzilla.redhat.com/show_bug.cgi?id=1992829

Admin message

8021x: request PINs for PKCS#11 certs unless explicitly not-required

Merge request reports