[Freeipa-devel] [PATCH 0017] Add OTP support to ipalib CLI

Dmitri Pal dpal at redhat.com
Fri Sep 13 18:38:36 UTC 2013


On 09/13/2013 12:19 PM, Petr Vobornik wrote:
> ipatokenvendor

will be us

> , ipatokenmodel,

IPA?

> ipatokenserial

Generated

> , ipatokenotpkey

Generated

> , ipatokenotpalgorithm

Uses default TOTP; we do not support more for now. In the future it will be a
global policy, I assume.

> ,
> ipatokenotpdigits

Should be based on a global policy: do we have a default for that?

> , ipatokentotpclockoffset

Internal

> , ipatokentotptimestep

Should be based on a global policy: do we have a default for that?

> ?) and
> which are less important (ipatokennotbefore

IMO for the self-created tokens they should be valid from the moment
they are created to the moment in the future governed by a default global
policy. For example, 3 years. Do we have an attribute for that?


> , ipatokennotafter ?)

Derive from previous + lifetime


So for a normal user to create a token it should be just a button with no
parameters.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

