[Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators
Martin Basti
mbasti at redhat.com
Thu May 26 16:49:45 UTC 2016
On 26.05.2016 17:36, Nathaniel McCallum wrote:
> Martin, can we get patches 1-4 pushed? I'll submit patch 5 again to the
> list after a rebase for further discussion.
Here it is, pushed to master:
* cd9bc84240c99ed744e5ee44db18d925a5292ffd Rename syncreq.[ch] to
otpctrl.[ch]
* 168a6c7d4778a2a3c729e3ac24e4ad9dfacb46c0 Ensure that ipa-otpd bind
auths validate an OTP
* 204200d73bb135cb7b9b31b8f1ba5268d73094a5 Return password-only preauth
if passwords are allowed
* 8f356a4305a9aa74aacae36806d6e8ed1b765245 Enable authentication
indicators for OTP and RADIUS
>
> On Wed, 2016-05-25 at 13:32 +0200, Sumit Bose wrote:
>> On Tue, May 24, 2016 at 12:21:43PM -0400, Nathaniel McCallum wrote:
>>> New versions again. This time I just removed the stray "TODO:
>>> assign
>>> OID" line in the commit as it no longer applies.
>> ACK to patches 1-4.
>>
>> Patch 5 can be committed independently and needs some additional
>> discussion, see below.
>>
>> bye,
>> Sumit
>>
>>> On Tue, 2016-05-24 at 12:08 -0400, Nathaniel McCallum wrote:
>>>> I have attached new versions of the patches. Comments below.
>>>>
>>>> On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose wrote:
>>>>> On Thu, May 12, 2016 at 05:33:26PM -0400, Nathaniel McCallum
>>>>> wrote:
>>>>>> On Fri, 2016-05-06 at 14:44 +0200, Sumit Bose wrote:
>>>>>>> On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel
>>>>>>> McCallum
>>>>>>> wrote:
>> ...
>>
>>>>>> From c9e2b50248493fb5a283cf8c88c8e20c312d6348 Mon Sep 17
>>>>>> 00:00:00
>>>>>> 2001
>>>>>> From: Nathaniel McCallum <npmccallum at redhat.com>
>>>>>> Date: Wed, 4 May 2016 17:08:45 -0400
>>>>>> Subject: [PATCH 5/5] Enable service authentication indicator
>>>>>> management
>>>>>>
>>>>> For me the patch looks good, but it would be nice if someone
>>>>> more
>>>>> used
>>>>> to our usage of python can have a short look to see if all
>>>>> conventioens
>>>>> are met. ACK for the functionality.
>>>> I would like for us to merge the first four patches first and
>>>> then
>>>> concentrate on this one.
>>>>
>>>> In particular, the following issue needs to be discussed. We
>>>> currently
>>>> only have two, hard-coded indicator values: otp and radius. Thus,
>>>> we
>>>> use a StrEnum for this property. However, in the long-term, I'd
>>>> like
>>>> to
>>>> have more flexibility; such as per-token indicators. This implies
>>>> String.
>>>>
>>>> Is there some way to do StrEnum now and easily migrate to String
>>>> later?
>>>> I think this will break API. Thoughts?
>>>>
More information about the Freeipa-devel
mailing list