ipa-otptoken-import provides an option (-k KEYFILE) to import an encrypted PSKC file but this option does not work with python3 in RHEL 8 and above.
-k KEYFILE
The command fails with:
ipapython.admintool: DEBUG: File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 177, in execute self.validate_options() File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_otptoken_import.py", line 553, in validate_options self.doc.setKey(f.read()) File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_otptoken_import.py", line 495, in setKey key = kd(self.__enckey).derive(key) File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_otptoken_import.py", line 234, in derive return self.kdf.derive(masterkey) File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/kdf/pbkdf2.py", line 49, in derive utils._check_byteslike("key_material", key_material) File "/usr/lib64/python3.6/site-packages/cryptography/utils.py", line 36, in _check_byteslike raise TypeError("{} must be bytes-like".format(name)) ipapython.admintool: DEBUG: The ipa-otptoken-import command failed, exception: TypeError: key_material must be bytes-like ipapython.admintool: ERROR: key_material must be bytes-like ipapython.admintool: ERROR: The ipa-otptoken-import command failed.
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-39616, https://issues.redhat.com/browse/RHEL-42703, https://issues.redhat.com/browse/RHEL-42705
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7390
master:
ipa-4-12:
ipa-4-11:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.