[Freeipa-devel] [PATCH 0058] Add the otptoken-add-yubikey command

Nathaniel McCallum npmccallum at redhat.com
Fri Jun 20 15:46:59 UTC 2014


On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
> This command behaves almost exactly like otptoken-add except:
> 1. The new token data is written directly to a YubiKey
> 2. The vendor/model/serial fields are populated from the YubiKey
> 
> === NOTE ===
> 1. This patch depends on the new Fedora package: python-yubico. If you
> would like to help with the package review, please assign yourself here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1111334

New version of the patch. This one works (yay!).

1. Because of the dependency on python-yubico, is this feature something
we want in core FreeIPA? As a subpackage? Separate project altogether?
The only dependency for python-yubico is pyusb.

2. Should the "import yubico" statement be inside of the
otptoken_add_yubikey.forward() method to reduce server dependencies?

3. This code currently emits a warning from the call to otptoken-add:
WARNING: API Version number was not sent, forward compatibility not
guaranteed. Assuming server's API version, 2.89

How do I fix this?

4. I am not sure why I have to delete the summary and value keys from
the return dictionary. It would be nice to display this summary message
just like otptoken-add.

5. Am I doing the ipatoken(vendor|model|serial) options correctly? These
aren't user-settable, but we need to pass them from the YubiKey
(client-side) to the server.

6. I'm not sure my use of assert or ValueError is correct. What should
I do here?

7. Considering that this is just a specialized invocation of
otptoken-add, can't we do this all on the client-side? This is why I had
originally used frontend.Local rather than frontend.Command.

Nathaniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-npmccallum-0058.1-Add-the-otptoken-add-yubikey-command.patch
Type: text/x-patch
Size: 5707 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140620/f41662bd/attachment.bin>

