[Freeipa-devel] FreeIPA OTP End-to-End
Nathaniel McCallum
npmccallum at redhat.com
Thu Jan 9 22:26:08 UTC 2014
New RPMs are up: http://npmccallum.fedorapeople.org/freeipa-otp/rpms/
WHAT'S NEW IN THE RPMS?
* 389ds OTP Last Token Plugin
* 389ds OTP Sync Plugin
* HOTP token support
* OTP UI is now working
All of the non-UI code is currently on the list. Petr is working on UI
cleanup. You can see all the patches here:
https://github.com/npmccallum/freeipa/tree/otp
https://github.com/npmccallum/freeipa/tree/otpui
KNOWN ISSUES
Setting User Auth Type globally doesn't work:
https://fedorahosted.org/freeipa/ticket/4105
SELinux is broken on F20 (should be fixed in rawhide):
https://bugzilla.redhat.com/show_bug.cgi?id=970163
User's can't add their own tokens. A patch to fix this is in the RPMs,
but currently has a bug. A workaround exists. Details are here:
https://www.redhat.com/archives/freeipa-devel/2014-January/msg00068.html
Alexander Bokovoy (I think) found some issues when interacting with
pkinit. I don't know the state of this.
Alexander Bokovoy found a bug with SSSD that has (a few minutes ago)
been patched. Details are here:
https://lists.fedorahosted.org/pipermail/sssd-devel/2014-January/017934.html
STILL NEEDED
* UI patches polished and sent to the list.
* OTP Sync Client (both CLI and UI).
Nathaniel
On Fri, 2013-12-13 at 15:57 -0500, Nathaniel McCallum wrote:
> This is an email to track the status of the OTP project as we push
> toward completion. I'm also attempting to get all the pieces in play so
> that they are testable.
>
> RPMs
> Available here: http://npmccallum.fedorapeople.org/freeipa-otp/rpms/
> These currently contain the CLI and UI patches, but exclude the DS
> plugin patch. I will merge this last patch in when submitted to the
> list.
>
> OTP CLI
> All of the patches are merged except npmccallum-0024, which is
> undergoing active review.
> https://www.redhat.com/archives/freeipa-devel/2013-December/msg00102.html
>
> OTP UI
> Thanks to Petr Vobornik for his set of patches implementing the UI. They
> can be found rebased on top of my otp changes here:
> https://github.com/npmccallum/freeipa/commits/otpui
>
> Authentication methods and RADIUS proxy support seems to be fully
> functional and I have not encountered any bugs. I'm not currently able
> to get the OTP UI to show up at all (I may well be doing something
> wrong).
>
> I believe Petr plans to clean these up and resubmit them to the list.
>
> One additional patch will be required for the token sync extop.
>
> DS PLUGIN
> I am nearing completion on the DS plugin providing support for deletion
> protection and the token sync extop. This should hit the list next week.
>
> OTHER
> Am I missing anything?
>
> Nathaniel
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list