On 4/28/15 6:44 AM, Nathaniel McCallum wrote:
On Fri, 2015-04-17 at 20:21 -0700, Janelle wrote:
On 4/17/15 5:59 PM, Dmitri Pal wrote:
On 04/17/2015 08:07 PM, Janelle wrote:

On Apr 17, 2015, at 16:36, Dmitri Pal <d...@redhat.com> wrote:

<snip> for shorter thread....
Simple. And my test made it simple.
Stand up new vm running fc21/freeipa.
Configure user.
Add password.
Add token.

Login to the vm with the user created using password. Kerberos
ticket assigned, all is well.

Login to web interface with admin. Change user to OTP only.
Go to web UI and click sync OTP.
Enter username, password and 2 OTP sequences. Click sync. Error

Now, ssh to same vm using OTP username. Enter password + OTP
Login successful.
I can reproduce this issue with demo instance.
I will file a bug later today.
I think it is a bug with sync.
Which token do you use time based or event based?

Hmm, makes me wonder - with HOTP fail the same? Off to try it.
This should just affect TOTP. I have posted a patch that should fix
this problem. Are you able to test it?


Sorry - I just got around to testing this and it does resolve the problem - HOWEVER, you took away the ability to "Name" the tokens? They are now "assigned" unique IDs??

Was this intentional?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to