Hi there,
At the moment ipa otptoken-add-yubikey does not add the parameter
"APPEND_CR". This prevents submit the password+OTP. APPEND_CR is usually
very handy, most people use this functionality.
The patch changes the behavior to set APPEND_CR by default and let the
user override this by using the the --do-not-append-cr option.
Thanks,
Luc
--- /usr/lib/python2.7/site-packages/ipalib/plugins/otptoken_yubikey.py.orig 2015-04-07 16:07:41.842573899 +0200
+++ /usr/lib/python2.7/site-packages/ipalib/plugins/otptoken_yubikey.py 2015-04-08 11:50:09.576701774 +0200
@@ -17,7 +17,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ipalib import _, Str, IntEnum
+from ipalib import _, Str, IntEnum, Flag
from ipalib.errors import NotFound
from ipalib.plugable import Registry
from ipalib.frontend import Command
@@ -62,6 +62,13 @@
label=_('YubiKey slot'),
values=(1, 2),
),
+ Flag('do_not_append_cr?',
+ cli_name='do_not_append_cr',
+ label=_('Do not append a CR after sending the OTP (default: false)'),
+ doc=_('Do not append a CR after sending the OTP to prevent submitting the password+OTP (default: false)'),
+ default=False,
+ required=False,
+ ),
) + tuple(x for x in otptoken.takes_params if x.name in (
'description',
'ipatokenowner',
@@ -104,6 +111,11 @@
cfg = yk.init_config()
cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
cfg.extended_flag('SERIAL_API_VISIBLE', True)
+
+ # If the do_not_append_cr flag was not specified, add the parameter APPEND_CR to the config
+ if kwargs.get('do_not_append_cr') is False:
+ cfg.ticket_flag('APPEND_CR', True)
+
yk.write_config(cfg, slot=kwargs['slot'])
# Filter the options we want to pass.
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code