[Freeipa-devel] [PATCH 0024] Add OTP support to ipalib CLI
Nathaniel McCallum
npmccallum at redhat.com
Thu Nov 14 19:39:12 UTC 2013
On Tue, 2013-10-29 at 10:18 -0400, Rob Crittenden wrote:
> Petr Vobornik wrote:
> > On 10/04/2013 10:16 PM, Nathaniel McCallum wrote:
> >> This patch supersedes my patch 0017 and requires patches 0020-0023. I
> >> believe I have solved all of the outstanding issues from the review of
> >> patch 0017, unless otherwise noted:
> >>
> >> 1. I'm not actually sure what the format of the date parameters is.
> >> Could someone clarify this for me? Should I do something differently
> >> here?
> >
> > I think that date parameter is not used anywhere. IMO it should be
> > designed soon since it will be needed in other tickets [1], [2] as well.
> >
> > [1] https://fedorahosted.org/freeipa/ticket/547 [RFE] Implement iCal
> > based time managment in HBAC
> > [2] https://fedorahosted.org/freeipa/ticket/3127 [RFE] Time-Based
> > Account Lockout Policies in IPA
>
> FYI the original HBAC time class is still in
> ipalib/parameters.py::AccessTime. It is supposed to provide a
> generalized time-like API. Not saying it has to remain.
>
> I can't remember how much previous conversations about date/time
> handling were in mailing lists vs shouting matches on the phone, but it
> is quite a hard problem in a distributed system like IPA, particularly
> for the UI.
>
> Thar be dragons.
Currently, the token entity uses two GeneralizedTime fields (notBefore
and notAfter). I assume this information is correct:
http://en.wikipedia.org/wiki/GeneralizedTime
Nathaniel
More information about the Freeipa-devel
mailing list