[Freeipa-devel] [PATCH 0079] Catch USBError during YubiKey location
Nathaniel McCallum
npmccallum at redhat.com
Thu Nov 13 06:39:38 UTC 2014
On Mon, 2014-11-10 at 09:08 +0100, Martin Kosek wrote:
> On 11/10/2014 08:31 AM, Alexander Bokovoy wrote:
> > On Mon, 10 Nov 2014, Jan Cholasta wrote:
> >> Hi,
> >>
> >> Dne 7.11.2014 v 16:51 Nathaniel McCallum napsal(a):
> >>> https://fedorahosted.org/freeipa/ticket/4693
> >>
> >> Is it good enough to just say "No YubiKey found"? Would it make sense to log
> >> the original message, for the sake of debugging why the yubikey was not found?
> > This is logged on the client side so it only would be visible if you
> > would run 'ipa' tool with -v. Perhaps useful but my practice with
> > yubikeys says that most of issues are basically permission-related:
> > you've inserted the key and udev rules didn't change access to allow
> > getting to it via libusb. In this case our debugging will hardly be
> > helpful beyond 'yes, it is not accessible' which is already conveyed by
> > the original message.
>
> Ok. Though IMO, passing the USBError string to the error would still be a good
> thing to do - unless we have a strong reason to hide it. Error stating "Access
> denied (insufficient permissions)" would steer the person closer to the root
> cause that just "No YubiKey found".
It took a bit to figure out exactly how to handle the errors, but the
attached patch passes the error codes through.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-npmccallum-0079.1-Catch-USBError-during-YubiKey-location.patch
Type: text/x-patch
Size: 1262 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141113/077e45d4/attachment.bin>
More information about the Freeipa-devel
mailing list