Issue #8431: Remove paramiko usage from ipatests/test_integration/test_otp.py - freeipa

freeipa

#8431 Remove paramiko usage from ipatests/test_integration/test_otp.py

Opened 3 years ago by fcami. Modified 3 years ago

Issue

Companion of https://pagure.io/freeipa/issue/8129

Paramiko is not compatible with FIPS mode or system with strict crypto policies. Therefore we should not use Paramiko in tests. All tests should be rewritten to use the OpenSSH client.

However, test_otp.py's ssh_2f handles two scenarios, one where the OTP password is entered in a single prompt (test_2fa_enable_single_prompt), the other using two prompts (test_2fa_disable_single_prompt).
Handling test_2fa_disable_single_prompt properly using sshpass is not possible until the RFE https://sourceforge.net/p/sshpass/feature-requests/5/ is fulfilled.

Suggested Solution

Improving sshpass should be straightforward.

Metadata Update from @fcami:
- Issue tagged with: fips, testblocker

3 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8431 Remove paramiko usage from ipatests/test_integration/test_otp.py Opened 3 years ago by fcami. Modified 3 years ago

Close issue as:

Issue

Suggested Solution

Metadata

testblocker fips

#8431 Remove paramiko usage from ipatests/test_integration/test_otp.py

Opened 3 years ago by fcami. Modified 3 years ago