On Fri, 2014-11-21 at 08:49 +0100, Martin Kosek wrote:
> On 11/20/2014 05:13 PM, Nathaniel McCallum wrote:
> > This tests the general workflow for OTP including most possible
> > token combinations. This includes 5872 tests. Further optimization
> > is possible to reduce the number of duplicate tests run.
> Good job! Yup, heavy optimization will be needed later.
> > Things not yet tested:
> > * ipa-kdb
> Here you would just call kinit instead if LDAP BIND, right?
Mostly yes. Special care will be needed around FAST, password changes
and not stomping on the admin ticket for running the tests.
> > * ipa-otpd
> How would ipa-otpd tested? Wouldn't it be tested if simple kinit is made
> instead of direct LDAP BIND?
Yes. If desired, it could also be tested directly by sending RADIUS
> > * otptoken-sync
> Petr1 can help to provide a Web UI test for this area. Or alternatively for
> test we could use the LDAP extended operation directly, right?
If we can't just call api.Command['otptoken_sync'], we can just do the
special bind. It isn't too hard, I just wanted to get patches public.
> > * RADIUS proxy
> > * token self-management
> > * type specific attributes
> What about password changes with OTP, can it be also covered?
That is included in ipa-kdb, but yes. :)
> Also, note that the freeipa-tests would suddenly grow a python-pyotp
> dependency, this should be considered.
I'm probably going to change this to python-cryptography since we now
have it in Fedora. I hear IPA will grow a python-cryptography dependency
Freeipa-devel mailing list