On 06/23/2014 09:29 AM, Alexander Bokovoy wrote:
> On Fri, 20 Jun 2014, Nathaniel McCallum wrote:
>> On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote:
>>> This command behaves almost exactly like otptoken-add except:
>>> 1. The new token data is written directly to a YubiKey
>>> 2. The vendor/model/serial fields are populated from the YubiKey
>>>
>>> === NOTE ===
>>> 1. This patch depends on the new Fedora package: python-yubico. If you
>>> would like to help with the package review, please assign yourself here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1111334
>>
>> New version of the patch. This one works (yay!).
>>
>> 1. Because of the dependency on python-yubico, is this feature something
>> we want in core FreeIPA? As a subpackage? Separate project altogether?
>> The only dependency for python-yubico is pyusb.
> I'd prefer to have it integrated but have a separate dummy subpackage
> that pulls in all required dependencies, like freeipa-tools-yubico.
> Instead of failing when 'ipa otptoken-add-yubikey' is called, please
> wrap the python-yubico import into code that allows reporting a message
> back to the user advising to install the package.

+1. For 4.0, I would just fail cleanly and keep functioning if python-yubico is
not configured, just like in Alexander's trust example.

For 4.2, we plan to introduce subpackages
(https://fedorahosted.org/freeipa/ticket/4058). This is the right time and
place to introduce something like "freeipa-server-otp" which would contain the
files and requirements for OTP. It would also give us time to get it to
standard Fedora repositories if we want this functionality by default.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
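
The guarded import discussed in this thread, as an added example that is not part of the original messages or the patch: the optional module is imported only when the command runs, so the plugin still loads without python-yubico and the user is told which package to install. The class and function names (`MissingDependency`, `require_optional`, `OTPTokenAddYubikey`, `run_command`) are hypothetical stand-ins, not FreeIPA's own API.

```python
import importlib


class MissingDependency(Exception):
    """Hypothetical error type; a real plugin would use the framework's own errors."""


def require_optional(module_name, package_hint):
    """Import an optional module, or raise an error naming the package to install."""
    try:
        return importlib.import_module(module_name)
    except ImportError as exc:
        raise MissingDependency(
            "%s support is not available (%s); install the %s package "
            "to use this command" % (module_name, exc, package_hint)
        )


class OTPTokenAddYubikey(object):
    """Stand-in for the command plugin (assumed shape, not the patch's code)."""

    module_name = "yubico"           # module shipped by python-yubico
    package_hint = "python-yubico"

    def execute(self, **options):
        # Deferred import: defining and registering the command never fails,
        # only running it without the dependency does.
        backend = require_optional(self.module_name, self.package_hint)
        return {"backend": backend.__name__, "options": options}


def run_command(cmd, **options):
    """Return (exit_code, message); a missing dependency is a clean failure."""
    try:
        result = cmd.execute(**options)
    except MissingDependency as exc:
        return 1, str(exc)
    return 0, "using %s" % result["backend"]


if __name__ == "__main__":
    code, message = run_command(OTPTokenAddYubikey(), slot=1)
    print(code, message)
```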
