I'm getting an error when I try to add a yubikey to a user. All of the commands below are run as root on the client. Any suggestions on what I'm doing wrong or how to debug this?
# ipa --version VERSION: 4.4.4, API_VERSION: 2.215 # ipa -v otptoken-add-yubikey --owner=alice ipa: INFO: trying https://test16.bbn.com/ipa/session/json ipa: ERROR: non-public: KeyError: 'ipatokenotpdigits' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run return self.forward(*args, **options) File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken_yubikey.py", line 145, in forward cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits']) KeyError: 'ipatokenotpdigits' ipa: ERROR: an internal error has occurred # ipa -v user-show alice ipa: INFO: trying https://test16.bbn.com/ipa/json ipa: INFO: Forwarding 'user_show/1' to json server 'https://test16.bbn.com/ipa/json' User login: alice First name: Alice Last name: Test Home directory: /home/alice Login shell: /bin/sh Principal name: alice@BBN.COM Principal alias: alice@BBN.COM Email address: alice@bbn.com UID: 431600007 GID: 431600007 User authentication types: otp, password Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True
I'm able to reproduce the bug. 4.5 and master are broken, too.
Seems to me as thin client regression. The client side method no longer gets its params from server side otptoken object - namely default value for ipatokenotpdigits.
ipatokenotpdigits
Turns out that the --digits parameter is required. When I enter:
ipa otptoken-add-yubikey --owner=alice --digits=8
Things worked fine.
Metadata Update from @pvoborni: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.5.1
Metadata Update from @dkupka: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/785
Metadata Update from @pvoborni: - Issue assigned to dkupka - Issue tagged with: regression
ipa-4-5:
master:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1451279
Issue linked to bug 1451279
Log in to comment on this ticket.