#6900 otptoken-add-yubikey KeyError: 'ipatokenotpdigits'
Closed: fixed 7 years ago Opened 7 years ago by sweeks.

I'm getting an error when I try to add a yubikey to a user. All of the commands below are run as root on the client. Any suggestions on what I'm doing wrong or how to debug this?

# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215

# ipa -v otptoken-add-yubikey --owner=alice
ipa: INFO: trying https://test16.bbn.com/ipa/session/json
ipa: ERROR: non-public: KeyError: 'ipatokenotpdigits'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken_yubikey.py", line 145, in forward
    cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
KeyError: 'ipatokenotpdigits'
ipa: ERROR: an internal error has occurred

# ipa -v user-show alice
ipa: INFO: trying https://test16.bbn.com/ipa/json
ipa: INFO: Forwarding 'user_show/1' to json server 'https://test16.bbn.com/ipa/json'
  User login: alice
  First name: Alice
  Last name: Test
  Home directory: /home/alice
  Login shell: /bin/sh
  Principal name: alice@BBN.COM
  Principal alias: alice@BBN.COM
  Email address: alice@bbn.com
  UID: 431600007
  GID: 431600007
  User authentication types: otp, password
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

I'm able to reproduce the bug. 4.5 and master are broken, too.

Seems to me as thin client regression. The client side method no longer gets its params from server side otptoken object - namely default value for ipatokenotpdigits.

Turns out that the --digits parameter is required. When I enter:

ipa otptoken-add-yubikey --owner=alice --digits=8

Things worked fine.

Metadata Update from @pvoborni:
- Issue priority set to: critical
- Issue set to the milestone: FreeIPA 4.5.1

7 years ago

Metadata Update from @dkupka:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/785

7 years ago

Metadata Update from @pvoborni:
- Issue assigned to dkupka
- Issue tagged with: regression

7 years ago

ipa-4-5:

  • 749fc90 otptoken-add-yubikey: When --digits not provided use default value

master:

  • e415da2 otptoken-add-yubikey: When --digits not provided use default value

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1451279

7 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1451279

7 years ago

Log in to comment on this ticket.

Metadata