On Mon, 2014-06-23 at 09:42 +0200, Martin Kosek wrote: > On 06/23/2014 09:29 AM, Alexander Bokovoy wrote: > > On Fri, 20 Jun 2014, Nathaniel McCallum wrote: > >> On Thu, 2014-06-19 at 16:30 -0400, Nathaniel McCallum wrote: > >>> This command behaves almost exactly like otptoken-add except: > >>> 1. The new token data is written directly to a YubiKey > >>> 2. The vendor/model/serial fields are populated from the YubiKey > >>> > >>> === NOTE === > >>> 1. This patch depends on the new Fedora package: python-yubico. If you > >>> would like to help with the package review, please assign yourself here: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1111334 > >> > >> New version of the patch. This one works (yay!). > >> > >> 1. Because of the dependency on python-yubico, is this feature something > >> we want in core FreeIPA? As a subpackage? Separate project altogether? > >> The only dependency for python-yubico is pyusb. > > I'd prefer to have it integrated but have a separate dummy subpackage > > that pulls in all required dependencies, like, freeipa-tools-yubico. > > Instead of > > failing when 'ipa otptoken-add-yubikey' is called, please wrap the > > python-yubico import into a code that allows reporting a message back to > > the user advising to install the package. > > +1. For 4.0, I would just fail cleanly and keep functioning if python-yubico > is > not configured, just like in Alexander's trust example. > > For 4.2, we plan to introduce subpackages > (https://fedorahosted.org/freeipa/ticket/4058). This is the right time and > place to introduce something like "freeipa-server-otp" which would contain the > files and requirements for OTP. It would also give is time to get it to > standard Fedora repositories if we want this functionality by default.
python-yubico is already in F21 (as of yesterday). So, unless there is some other reason that matters, we can probably just add a hard dependency for now. Is that acceptable? Nathaniel _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
