Alexander Bokovoy wrote:
On Wed, 05 Oct 2011, Rob Crittenden wrote:
I ended up not using raiseonerr=False as all I needed is a way to
break out of the loop on success so that will come sequentially if
there is no exception.

Patch attached.

This works but there is a noticeable pause on my system when ntpdate
is being run. I think it would be handy to output a message saying
that the date is being updated.
I'll add the message.

Is it necessary to sync the date when a one-time password is being
used? It doesn't hurt but it does pause a second or three.
If I understand correctly, our use of the OTP term for hosts is different
from what the current IETF draft on OTP preauth with Kerberos assumes.

At least, according to the IETF draft on OTP preauth with Kerberos,
http://tools.ietf.org/html/draft-ietf-krb-wg-otp-preauth-19#section-2.4
the client has to submit the next key if clocks have drifted, which implies you
cannot re-use the same OTP next time. To me this looks like in the OTP
case clock synchronization is very important. In our OTP case it does
not matter except for an artificial delay...

This is not Kerberos OTP, it does an LDAP simple bind.

I've added the message.

Ok, I'll take a look.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel