[Freeipa-users] 4.1.4 and OTP

Janelle janellenicole80 at gmail.com
Sun May 17 23:49:42 UTC 2015


On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
> On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
>> On 4/17/15 5:59 PM, Dmitri Pal wrote:
>>> On 04/17/2015 08:07 PM, Janelle wrote:
>>>>
>>>> On Apr 17, 2015, at 16:36, Dmitri Pal <dpal at redhat.com> wrote:
>>>>
<snip> for shorter thread....
>>>> Simple. And my test made it simple.
>>>> Stand up new vm running fc21/freeipa.
>>>> Configure user.
>>>> Add password.
>>>> Add token.
>>>>
>>>> Login to the vm with the user created using password. Kerberos
>>>> ticket assigned, all is well.
>>>>
>>>> Login to web interface with admin. Change user to OTP only.
>>>> Go to web UI and click sync OTP.
>>>> Enter username, password and 2 OTP sequences. Click sync. Error
>>>> appears.
>>>>
>>>> Now, ssh to same vm using OTP username. Enter password + OTP
>>>> value.
>>>> Login successful.
>>> I can reproduce this issue with demo instance.
>>> I will file a bug later today.
>>> I think it is a bug with sync.
>>> Which token do you use, time-based or event-based?
>> TOTP...
>>
>> Hmm, makes me wonder - will HOTP fail the same? Off to try it.
> This should just affect TOTP. I have posted a patch that should fix
> this problem. Are you able to test it?
>
> https://www.redhat.com/archives/freeipa-devel/2015-April/msg00282.html
>
>
Sorry - I just got around to testing this and it does resolve the 
problem - HOWEVER, you took away the ability to "Name" the tokens? They 
are now "assigned" unique IDs??

Was this intentional?

~J



