On 05/06/2016 02:44 PM, Sumit Bose wrote:
I've already sent the patch to the ML. I use the API doc string as a
tooltip for the authentication indicator field in webui and now there is
only "Authentication indicator whitelist" and I think that we might
provide more information in webui. So there are two solutions I can
write my own tooltip text or we can extend the API doc string for this
new option. Actually, there is another one - leave it as it is. What do
you think would be better?
On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote:
This series of patches implements authentication indicator insertion,
evaluation and management in FreeIPA. Besides these patches, two other
patches are needed to round out support.
First, we need a UI patch: https://fedorahosted.org/freeipa/ticket/5872
I tried to apply your patches and the last patch (93) needs change in
VERSION file. IPA_API_VERSION_MINOR is the same as in master. So it
needs to be incremented.
Second, we need a SSSD patch to handle the new case where multiple
responders are set (when either 1FA or 2FA can be used).
I've already some initial work done here and will continue with your
Please note that the last patch in this series (0093) is untested and
simply represents my desire to get these patches off of my hard disk
before I take a long weekend. This patch also requires mrogers' patch
0001 (already merged to master).
Also worthy of note is the need for an OID for the authentication
control. Hopefully Simo can assign this after we agree that this
control method is sufficient. One question I had was whether or not it
would be possible to send the control only on UNIX sockets (0089;
Please review the approaches taken here. I plan to hit this hard on
I'm on a conference next week and currently busy preparing my
presentation. I will give you feedback in the following week.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code