[Freeipa-devel] [PATCH 0056] Add otptoken-sync command

Alexander Bokovoy abokovoy at redhat.com
Tue Jun 24 16:44:40 UTC 2014 

On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
>On Tue, 2014-06-24 at 19:34 +0300, Alexander Bokovoy wrote:
>> On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
>> >On Tue, 2014-06-24 at 15:39 +0300, Alexander Bokovoy wrote:
>> >> On Tue, 03 Jun 2014, Nathaniel McCallum wrote:
>> >> >On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
>> >> >> On 3.6.2014 05:08, Nathaniel McCallum wrote:
>> >> >> > This command calls the token sync HTTP POST call in the server providing
>> >> >> > the CLI interface to synchronization.
>> >> >> >
>> >> >> > https://fedorahosted.org/freeipa/ticket/4260
>> >> >> >
>> >> >> > This patch depends on my patch #0055.
>> >> >> >
>> >> >>
>> >> >> Build fails on validation. You forgot to update API.txt and also the
>> >> >> command misses __doc__.
>> >> >>
>> >> >> (not a proper review)
>> >> Failed for me:
>> >>
>> >> [root at ipa-01 rpms]# ipa otptoken-show test.token
>> >>   Unique ID: test.token
>> >>   Description: test token
>> >>   Owner: abbra
>> >>   Vendor: FreeIPA
>> >>   Model: hotp
>> >> [root at ipa-01 rpms]# ipa otptoken-sync abbra --token=test.token
>> >> Password:
>> >> First Code:
>> >> Second Code:
>> >> ipa: ERROR: non-public: IOError: ('http error', 401, 'Unauthorized',
>> >> <httplib.HTTPMessage instance at 0x2cdde60>)
>> >> Traceback (most recent call last):
>> >>   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129,
>> >> in execute
>> >>     result = self.Command[_name](*args, **options)
>> >>   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439,
>> >> in __call__
>> >>     ret = self.run(*args, **options)
>> >>   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1118,
>> >> in run
>> >>     return self.forward(*args, **options)
>> >>   File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py",
>> >> line 427, in forward
>> >>     rsp = urllib.urlopen(sync_uri, query)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 89, in urlopen
>> >>     return opener.open(url, data)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 210, in open
>> >>     return getattr(self, name)(url, data)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 454, in open_https
>> >>     data)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 374, in http_error
>> >>     result = method(url, fp, errcode, errmsg, headers, data)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 689, in http_error_401
>> >>     errcode, errmsg, headers)
>> >>   File "/usr/lib64/python2.7/urllib.py", line 381, in http_error_default
>> >>     raise IOError, ('http error', errcode, errmsg, headers)
>> >> IOError: ('http error', 401, 'Unauthorized', <httplib.HTTPMessage instance at 0x2cdde60>)
>> >> ipa: ERROR: an internal error has occurred
>> >>
>> >> Note that I can successfully use the token. It looks like authentication
>> >> with urllib.urlopen(sync_uri, query) fails.
>> >
>> >Works for me (just tested). I suspect you have not updated the ipa httpd
>> >config. Did you apply patches 0054, 0055 and 0056?
>> Yes, I did apply those patches and I installed packages as an upgrade.
>> How I supposed to update httpd config? I think we need to solve this
>> without re-install and it should be done automatically.
>
>Oh. I thought it *was* done automatically...
No. You only modified the template which is used for an install from
scratch.
-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list