#8431 Remove paramiko usage from ipatests/test_integration/test_otp.py
Opened 2 years ago by fcami. Modified 2 years ago


Companion of https://pagure.io/freeipa/issue/8129

Paramiko is not compatible with FIPS mode or system with strict crypto policies. Therefore we should not use Paramiko in tests. All tests should be rewritten to use the OpenSSH client.

However, test_otp.py's ssh_2f handles two scenarios, one where the OTP password is entered in a single prompt (test_2fa_enable_single_prompt), the other using two prompts (test_2fa_disable_single_prompt).
Handling test_2fa_disable_single_prompt properly using sshpass is not possible until the RFE https://sourceforge.net/p/sshpass/feature-requests/5/ is fulfilled.

Suggested Solution

Improving sshpass should be straightforward.

Metadata Update from @fcami:
- Issue tagged with: fips, testblocker

2 years ago

Login to comment on this ticket.