[Freeipa-devel] [PATCH 0056] Add otptoken-sync command

Thu Jun 26 14:16:08 UTC 2014

On 06/26/2014 01:02 PM, Alexander Bokovoy wrote:
> On Wed, 25 Jun 2014, Nathaniel McCallum wrote:
>> On Wed, 2014-06-25 at 13:18 +0300, Alexander Bokovoy wrote:
>>> On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
>>> >On Tue, 2014-06-03 at 09:18 -0400, Nathaniel McCallum wrote:
>>> >> On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
>>> >> > On 3.6.2014 05:08, Nathaniel McCallum wrote:
>>> >> > > This command calls the token sync HTTP POST call in the server providing
>>> >> > > the CLI interface to synchronization.
>>> >> > >
>>> >> > > https://fedorahosted.org/freeipa/ticket/4260
>>> >> > >
>>> >> > > This patch depends on my patch #0055.
>>> >> > >
>>> >> >
>>> >> > Build fails on validation. You forgot to update API.txt and also the
>>> >> > command misses __doc__.
>>> >> >
>>> >> > (not a proper review)
>>> >>
>>> >> Thanks, fixed.
>>> >
>>> >Attached is a new revision which is rebased on master.
>>> >
>>> >In addition it:
>>> >
>>> >1. Moves user to a parameter and moves token to an argument. Doing it
>>> >this way both mirrors the existing otptoken APIs and sets us up for
>>> >future Kerberos based syncing where the username/password will be
>>> >optional.
>>> >
>>> >2. Converts the token ID to a DN.
>>> ACK.
>>>
>>> Please do not commit this patch yet, we are not done with its
>>> dependencies.
>>
>> As discussed off list, we also needed to verify the certificate so that
>> passwords were not sent in the clear to a MITM. This has now been
>> implemented. VERSION is bumped and ./makeapi was run. This patch is also
>> rebased on top of my patch 0058 (which is already ACK'd), so 0058 needs
>> to be merged before this patch (0056).
> Right. There is one small fix that need to be squashed prior to
> committing as pylint cannot get insights into function states.
> 
> The patch attached. With it, ACK.

Fixed VERSION conflict, squashed fixup patch and pushed to master.

Martin