On 11/13/2014 07:39 AM, Nathaniel McCallum wrote:
> On Mon, 2014-11-10 at 09:08 +0100, Martin Kosek wrote:
>> On 11/10/2014 08:31 AM, Alexander Bokovoy wrote:
>>> On Mon, 10 Nov 2014, Jan Cholasta wrote:
>>>> Hi,
>>>> Dne 7.11.2014 v 16:51 Nathaniel McCallum napsal(a):
>>>>> https://fedorahosted.org/freeipa/ticket/4693
>>>> Is it good enough to just say "No YubiKey found"? Would it make sense to 
>>>> log
>>>> the original message, for the sake of debugging why the yubikey was not 
>>>> found?
>>> This is logged on the client side so it only would be visible if you
>>> would run 'ipa' tool with -v. Perhaps useful but my practice with
>>> yubikeys says that most of issues are basically permission-related:
>>> you've inserted the key and udev rules didn't change access to allow
>>> getting to it via libusb. In this case our debugging will hardly be
>>> helpful beyond 'yes, it is not accessible' which is already conveyed by
>>> the original message.
>> Ok. Though IMO, passing the USBError string to the error would still be a 
>> good
>> thing to do - unless we have a strong reason to hide it. Error stating 
>> "Access
>> denied (insufficient permissions)" would steer the person closer to the root
>> cause that just "No YubiKey found".
> It took a bit to figure out exactly how to handle the errors, but the
> attached patch passes the error codes through.

Yup, this is exactly what I wanted to see, ACK!

Pushed to:
master: b3a6701e73f6ccd4dff1dab47554381f42d40bb4
ipa-4-1: a7a7e967580c8ef4fa4341aa8b8877128e7d822a


Freeipa-devel mailing list

Reply via email to