On 05/06/2016 02:44 PM, Sumit Bose wrote:
On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote:
This series of patches implements authentication indicator insertion,
evaluation and management in FreeIPA. Besides these patches, two other
patches are needed to round out support.

First, we need a UI patch: https://fedorahosted.org/freeipa/ticket/5872
I've already sent the patch to the ML. I use the API doc string as a tooltip for the authentication indicator field in webui and now there is only "Authentication indicator whitelist" and I think that we might provide more information in webui. So there are two solutions I can write my own tooltip text or we can extend the API doc string for this new option. Actually, there is another one - leave it as it is. What do you think would be better?

Second, we need a SSSD patch to handle the new case where multiple
responders are set (when either 1FA or 2FA can be used).
I've already some initial work done here and will continue with your
patches.

Please note that the last patch in this series (0093) is untested and
simply represents my desire to get these patches off of my hard disk
before I take a long weekend. This patch also requires mrogers' patch
0001 (already merged to master).
I tried to apply your patches and the last patch (93) needs change in VERSION file. IPA_API_VERSION_MINOR is the same as in master. So it needs to be incremented.

Pavel^3

Also worthy of note is the need for an OID for the authentication
control. Hopefully Simo can assign this after we agree that this
control method is sufficient. One question I had was whether or not it
would be possible to send the control only on UNIX sockets (0089;
report_auth_method()).

Please review the approaches taken here. I plan to hit this hard on
Monday.
I'm on a conference next week and currently busy preparing my
presentation. I will give you feedback in the following week.

bye,
Sumit

Nathaniel

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to