[Freeipa-devel] FreeIPA OTP End-to-End

Nathaniel McCallum npmccallum at redhat.com
Thu Jan 9 22:26:08 UTC 2014 

New RPMs are up: http://npmccallum.fedorapeople.org/freeipa-otp/rpms/

WHAT'S NEW IN THE RPMS?
* 389ds OTP Last Token Plugin
* 389ds OTP Sync Plugin
* HOTP token support
* OTP UI is now working

All of the non-UI code is currently on the list. Petr is working on UI
cleanup. You can see all the patches here:
https://github.com/npmccallum/freeipa/tree/otp
https://github.com/npmccallum/freeipa/tree/otpui

KNOWN ISSUES
Setting User Auth Type globally doesn't work:
https://fedorahosted.org/freeipa/ticket/4105

SELinux is broken on F20 (should be fixed in rawhide):
https://bugzilla.redhat.com/show_bug.cgi?id=970163

User's can't add their own tokens. A patch to fix this is in the RPMs,
but currently has a bug. A workaround exists. Details are here:
https://www.redhat.com/archives/freeipa-devel/2014-January/msg00068.html

Alexander Bokovoy (I think) found some issues when interacting with
pkinit. I don't know the state of this.

Alexander Bokovoy found a bug with SSSD that has (a few minutes ago)
been patched. Details are here:
https://lists.fedorahosted.org/pipermail/sssd-devel/2014-January/017934.html

STILL NEEDED
* UI patches polished and sent to the list.
* OTP Sync Client (both CLI and UI).

Nathaniel

On Fri, 2013-12-13 at 15:57 -0500, Nathaniel McCallum wrote:
> This is an email to track the status of the OTP project as we push
> toward completion. I'm also attempting to get all the pieces in play so
> that they are testable.
> 
> RPMs
> Available here: http://npmccallum.fedorapeople.org/freeipa-otp/rpms/
> These currently contain the CLI and UI patches, but exclude the DS
> plugin patch. I will merge this last patch in when submitted to the
> list.
> 
> OTP CLI
> All of the patches are merged except npmccallum-0024, which is
> undergoing active review.
> https://www.redhat.com/archives/freeipa-devel/2013-December/msg00102.html
> 
> OTP UI
> Thanks to Petr Vobornik for his set of patches implementing the UI. They
> can be found rebased on top of my otp changes here:
> https://github.com/npmccallum/freeipa/commits/otpui
> 
> Authentication methods and RADIUS proxy support seems to be fully
> functional and I have not encountered any bugs. I'm not currently able
> to get the OTP UI to show up at all (I may well be doing something
> wrong).
> 
> I believe Petr plans to clean these up and resubmit them to the list.
> 
> One additional patch will be required for the token sync extop.
> 
> DS PLUGIN
> I am nearing completion on the DS plugin providing support for deletion
> protection and the token sync extop. This should hit the list next week.
> 
> OTHER
> Am I missing anything?
> 
> Nathaniel
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

More information about the Freeipa-devel mailing list