[Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

Pavel Vomacka pvomacka at redhat.com
Wed May 11 11:25:35 UTC 2016 


On 05/06/2016 02:44 PM, Sumit Bose wrote:
> On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote:
>> This series of patches implements authentication indicator insertion,
>> evaluation and management in FreeIPA. Besides these patches, two other
>> patches are needed to round out support.
>>
>> First, we need a UI patch: https://fedorahosted.org/freeipa/ticket/5872
I've already sent the patch to the ML. I use the API doc string as a 
tooltip for the authentication indicator field in webui and now there is 
only "Authentication indicator whitelist" and I think that we might 
provide more information in webui. So there are two solutions I can 
write my own tooltip text or we can extend the API doc string for this 
new option. Actually, there is another one - leave it as it is. What do 
you think would be better?
>>
>> Second, we need a SSSD patch to handle the new case where multiple
>> responders are set (when either 1FA or 2FA can be used).
> I've already some initial work done here and will continue with your
> patches.
>
>> Please note that the last patch in this series (0093) is untested and
>> simply represents my desire to get these patches off of my hard disk
>> before I take a long weekend. This patch also requires mrogers' patch
>> 0001 (already merged to master).
I tried to apply your patches and the last patch (93) needs change in 
VERSION file. IPA_API_VERSION_MINOR is the same as in master. So it 
needs to be incremented.

Pavel^3
>>
>> Also worthy of note is the need for an OID for the authentication
>> control. Hopefully Simo can assign this after we agree that this
>> control method is sufficient. One question I had was whether or not it
>> would be possible to send the control only on UNIX sockets (0089;
>> report_auth_method()).
>>
>> Please review the approaches taken here. I plan to hit this hard on
>> Monday.
> I'm on a conference next week and currently busy preparing my
> presentation. I will give you feedback in the following week.
>
> bye,
> Sumit
>
>> Nathaniel

More information about the Freeipa-devel mailing list