[Freeipa-devel] [PATCH] Review: rga-0005 Fix order of synchronizing time when running ipa-client-install

[Rob Crittenden]

Petr Viktorin wrote:
> AFAIK this patch was only posted to Trac, where it was kind of
> forgotten. Let's move it to the mailing list.
>
> It looks & works fine, ACK for those aspects. But Dmitri had some
> concerns about the validity of the ticket itself:
>
>> Unusual but not critical. In future this can be an OTP prompt rather than
>> password prompt and making sure time is correct on both sides might be
>> more critical. I do not see a big problem with a slight delay. Banks now
>> prompt people for user name on one page and then for password on another.
>> It is a common practice. I would think that decoupling the prompts and
>> getting people used to it is a benefit rather than a hassle. The trend
>> of prompting for user and password independently should continue.
>> We should make it more usable if there are usability concerns but IMO we
>> should not be trying to push people back to traditional notion of "user
>> name and password are always together". They are not.
>
> It may be common practice but it doesn't really make sense to temporally
> split related actions if there's no need for it. It is annoying. In the
> banks case, the login pages follow one another, they don't insert some
> completely unrelated output in the middle of the login process.
> If we want to teach new expectations to users, ipa-client-install is not
> the place to do it.
> The OTP case will work since with the patch, time is synced before both
> prompts.
>
> The comment gives a good reason to move the ticket to Backlog, but since
> we have a fix I'd like to push it.

IIRC Alexander purposely put the time sync in here to ensure that at the 
time we actually obtain the password time is in sync. I can't say I 
always agreed with that, but it does make a certain amount of sense.

rob