On Fri, 27 Jun 2014, Alexander Bokovoy wrote:
On Fri, 27 Jun 2014, Martin Kosek wrote:
Hello team,

As we are about to release FreeIPA 4.0 very soon, I triaged all the pending
tickets and divided them into the following milestones:

1) FreeIPA 4.0 GA - last work that is required for the release. When this
milestone is completed, we will release. All tickets in this milestone are thus
the top priority for people working on 4.0 - this applies both for development
and for reviews.
Endi found that with TOTP we don't yet enforce a requirement to prevent
reuse of an OTP code multiple times within the same time step (you are able
to log in with TOTP and reuse it for a password change within 30 seconds,
for example). RFC3268 part 5.2 clearly says that the verifier MUST NOT
allow this behavior.
Err, RFC 6238, of course. http://tools.ietf.org/html/rfc6238#section-5.2

I'm off for the weekend. :)

--
/ Alexander Bokovoy
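
The reuse check discussed in this thread, as an added example that is not part of the original message and is not FreeIPA's code: a verifier that records the last accepted time step per token and refuses any code at or below it. `TotpVerifier`, `last_step` and the in-memory dictionary are hypothetical names and assumptions; a real deployment has to persist the counter atomically alongside the token.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (the 30-second window mentioned in the thread)


def totp(key: bytes, counter: int, digits: int = 6) -> str:
    """TOTP value for one time-step counter (HMAC-SHA1 with RFC 4226 truncation)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical verifier that remembers the last accepted time step per token."""

    def __init__(self, window: int = 1):
        self.window = window   # time steps of clock drift tolerated in each direction
        self.last_step = {}    # token id -> highest counter already accepted

    def verify(self, token_id: str, key: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        floor = self.last_step.get(token_id, -1)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= floor:
                continue       # step already consumed: same-step reuse or older replay
            expected = totp(key, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_step[token_id] = counter  # record before reporting success
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"   # constructed sample secret, not a real token
    verifier = TotpVerifier()
    code = totp(key, 59 // STEP)
    print("login:          ", verifier.verify("tok1", key, code, now=59))
    print("password change:", verifier.verify("tok1", key, code, now=59))
```

Because the check is `counter <= floor`, accepting a code also invalidates every earlier step inside the drift window, so a code from the previous step cannot be replayed after a newer one has been used.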
