[Freeipa-devel] [PATCH 0078] Enable QR code display by default in otptoken-add
Petr Viktorin
pviktori at redhat.com
Fri Nov 14 19:05:35 UTC 2014
On 11/14/2014 08:03 PM, Petr Viktorin wrote:
> On 11/14/2014 07:26 PM, Simo Sorce wrote:
>> On Fri, 14 Nov 2014 14:08:24 +0100
>> Petr Viktorin <pviktori at redhat.com> wrote:
>>
>>> On 11/14/2014 01:18 PM, Petr Vobornik wrote:
>>> [...]
>>>>>
>>>>> Nope, defaults are filled in by the client. (And also on the
>>>>> server if they're still missing; it's part of the common
>>>>> validation.)
>>>>
>>>> IMHO this is quite unfortunate behavior which may also fail
>>>> horribly if there is a newer client and an older server ->
>>>> backwards compatibility is on API level, not CLI level. Defaults
>>>> should be filled by server, not a client. We should seriously
>>>> reconsider the design of our CLI. But that's for different, future
>>>> discussion.
>>>
>>> You can't use a newer client with an older server, you get a
>>> VersionError in that case.
>>
>> Does it break only for this command ?
>> Or in general.
>
> In general. It's been built into the framework since IPA 2.0 [0]. There
> have been four years of development assuming this compatibility scheme.
I should clarify – this is only for the API, i.e. the `ipa` command.
Clients of the "ipa-client-install" sort don't use the API.
>> If a Fedora 21 client can't talk to a RHEL 6 server we have a huge
>> problem that we need to fix *yesterday*.
>
> Then we have a huge task on our hands.
>
>
> [0] ticket https://fedorahosted.org/freeipa/ticket/584
>
--
Petr³
More information about the Freeipa-devel
mailing list