[Freeipa-devel] [PATCH 0017] Add OTP support to ipalib CLI
Dmitri Pal
dpal at redhat.com
Fri Sep 13 18:38:36 UTC 2013
On 09/13/2013 12:19 PM, Petr Vobornik wrote:
> ipatokenvendor
will be us
> , ipatokenmodel,
IPA?
> ipatokenserial
Generated
> , ipatokenotpkey
Generated
> , ipatokenotpalgorithm
Uses default TOTP we do not support more for now. In future it will be a
global policy I assume.
> ,
> ipatokenotpdigits
Should be based on a global policy: do we have a default for that?
> , ipatokentotpclockoffset
Internal
> , ipatokentotptimestep
Should be based on a global policy: do we have a default for that?
> ?) and
> which are less important (ipatokennotbefore
IMO for the self created tokens they should be valid from the moment
they are created to the moment in future governed by a default global
policy. For example 3 years. Do we have an attribute for that?
> , ipatokennotafter ?)
Derive from previous + lifetime
So for normal user to create a token it should be just a button with no
parameters.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list