[Freeipa-devel] [PATCH 0017] Add OTP support to ipalib CLI

Petr Vobornik pvoborni at redhat.com
Fri Sep 13 16:19:32 UTC 2013


On 09/12/2013 09:15 PM, Dmitri Pal wrote:
> On 09/12/2013 07:28 AM, Petr Vobornik wrote:
>> Qs:
>>
>> a. Do we have some use cases for adding internal OTP? I wonder which
>> otp-add options are essential (ipatokenvendor, ipatokenmodel,
>> ipatokenserial, ipatokenotpkey, ipatokenotpalgorithm,
>> ipatokenotpdigits, ipatokentotpclockoffset, ipatokentotptimestep?) and
>> which are less important (ipatokennotbefore, ipatokennotafter ?).
>>
> Can you rephrase? The use cases were covered pretty much on the design page.
>

Use cases cover that user should be able to add token for himself, and 
admin for anybody. They don't say anything about what are the usual 
parameters which has to be configured for various kinds of tokens.

otp-add command has a lot of optional options. It would be nice to 
simplify UI adder dialog as much as possible.

For example LinOTP interface has a page for adding google auth token and 
a page for adding general totp token. The google auth token page is very 
simple. User can click only on 'create token' button and nothing else. 
The topt page is targeted for advanced users/admins so it's much more 
complex. One can enter whole buch of options.

So I wonder what are the use cases for common user in IPA. It will tell 
us if we can present the user only simple one-click UI, or if there 
should be possibilities to specify additional options.
-- 
Petr Vobornik




More information about the Freeipa-devel mailing list