[Freeipa-devel] [PATCH 0058] Add the otptoken-add-yubikey command

Martin Kosek mkosek at redhat.com
Mon Jun 23 07:42:15 UTC 2014


On 06/23/2014 09:29 AM, Alexander Bokovoy wrote:
> On Fri, 20 Jun 2014, Nathaniel McCallum wrote:
>> On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
>>> This command behaves almost exactly like otptoken-add except:
>>> 1. The new token data is written directly to a YubiKey
>>> 2. The vendor/model/serial fields are populated from the YubiKey
>>>
>>> === NOTE ===
>>> 1. This patch depends on the new Fedora package: python-yubico. If you
>>> would like to help with the package review, please assign yourself here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1111334
>>
>> New version of the patch. This one works (yay!).
>>
>> 1. Because of the dependency on python-yubico, is this feature something
>> we want in core FreeIPA? As a subpackage? Separate project altogether?
>> The only dependency for python-yubico is pyusb.
> I'd prefer to have it integrated but have a separate dummy subpackage
> that pulls in all required dependencies, like, freeipa-tools-yubico. Instead of
> failing when 'ipa otptoken-add-yubikey' is called, please wrap the
> python-yubico import in code that allows reporting a message back to
> the user advising to install the package.

+1. For 4.0, I would just fail cleanly and keep functioning if python-yubico is
not configured, just like in Alexander's trust example.

For 4.2, we plan to introduce subpackages
(https://fedorahosted.org/freeipa/ticket/4058). This is the right time and
place to introduce something like "freeipa-server-otp" which would contain the
files and requirements for OTP. It would also give us time to get it to
standard Fedora repositories if we want this functionality by default.

Martin
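
Added example, not part of the original message and not FreeIPA code: one way to make a command fail cleanly when python-yubico is missing while the other commands keep working. The command bodies, the `require` and `run` helpers and the `COMMANDS` table are hypothetical; `yubico` is the module name python-yubico installs.

```python
import importlib


class MissingDependency(Exception):
    """An optional dependency needed by one command is not installed."""


def require(module, package, command):
    """Import `module` at call time; on failure name the package to install."""
    try:
        return importlib.import_module(module)
    except ImportError as exc:
        raise MissingDependency(
            "%s: the %s package is required for this command; "
            "install it and retry (%s)" % (command, package, exc))


def otptoken_add():
    # Hypothetical stand-in for a command with no optional dependencies.
    return "token added"


def otptoken_add_yubikey(module="yubico"):
    # Hypothetical stand-in for the command body. The import happens here,
    # not at module top level, so loading this file never fails and the
    # other commands stay registered. `module` is a parameter only so the
    # missing-package path can be exercised on any machine.
    backend = require(module, "python-yubico", "otptoken-add-yubikey")
    return "backend %s loaded" % backend.__name__


COMMANDS = {
    "otptoken-add": otptoken_add,
    "otptoken-add-yubikey": otptoken_add_yubikey,
}


def run(name, **kwargs):
    """Dispatch a command; return (exit_code, message) instead of a traceback."""
    try:
        return 0, COMMANDS[name](**kwargs)
    except MissingDependency as err:
        return 1, str(err)


if __name__ == "__main__":
    # Constructed module name that cannot be imported.
    print(run("otptoken-add-yubikey", module="constructed_missing_yubico"))
    print(run("otptoken-add"))
```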



