On 11/13/2014 07:39 AM, Nathaniel McCallum wrote:
> On Mon, 2014-11-10 at 09:08 +0100, Martin Kosek wrote:
>> On 11/10/2014 08:31 AM, Alexander Bokovoy wrote:
>>> On Mon, 10 Nov 2014, Jan Cholasta wrote:
>>>> Dne 7.11.2014 v 16:51 Nathaniel McCallum napsal(a):
>>>> Is it good enough to just say "No YubiKey found"? Would it make sense to
>>>> the original message, for the sake of debugging why the yubikey was not
>>> This is logged on the client side so it only would be visible if you
>>> would run 'ipa' tool with -v. Perhaps useful but my practice with
>>> yubikeys says that most of issues are basically permission-related:
>>> you've inserted the key and udev rules didn't change access to allow
>>> getting to it via libusb. In this case our debugging will hardly be
>>> helpful beyond 'yes, it is not accessible' which is already conveyed by
>>> the original message.
>> Ok. Though IMO, passing the USBError string to the error would still be a
>> thing to do - unless we have a strong reason to hide it. Error stating
>> denied (insufficient permissions)" would steer the person closer to the root
>> cause that just "No YubiKey found".
> It took a bit to figure out exactly how to handle the errors, but the
> attached patch passes the error codes through.
Yup, this is exactly what I wanted to see, ACK!
Freeipa-devel mailing list