On Fri, 2014-11-21 at 08:49 +0100, Martin Kosek wrote: > On 11/20/2014 05:13 PM, Nathaniel McCallum wrote: > > This tests the general workflow for OTP including most possible > > token combinations. This includes 5872 tests. Further optimization > > is possible to reduce the number of duplicate tests run. > > Good job! Yup, heavy optimization will be needed later. > > > Things not yet tested: > > * ipa-kdb > > Here you would just call kinit instead if LDAP BIND, right?
"just" :) Mostly yes. Special care will be needed around FAST, password changes and not stomping on the admin ticket for running the tests. > > * ipa-otpd > > How would ipa-otpd tested? Wouldn't it be tested if simple kinit is made > instead of direct LDAP BIND? Yes. If desired, it could also be tested directly by sending RADIUS packets. > > * otptoken-sync > > Petr1 can help to provide a Web UI test for this area. Or alternatively for > the > test we could use the LDAP extended operation directly, right? If we can't just call api.Command['otptoken_sync'], we can just do the special bind. It isn't too hard, I just wanted to get patches public. > > * RADIUS proxy > > * token self-management > > * type specific attributes > > +1 > > What about password changes with OTP, can it be also covered? That is included in ipa-kdb, but yes. :) > Also, note that the freeipa-tests would suddenly grow a python-pyotp > dependency, this should be considered. I'm probably going to change this to python-cryptography since we now have it in Fedora. I hear IPA will grow a python-cryptography dependency anyway. Nathaniel _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
