On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote: > https://fedorahosted.org/freeipa/ticket/433
The patch works for me as expected, but the API.txt update is missing in the patch. bye, Sumit > From c7254a9dd182b34665b50c45c5ece42a3cbc56e2 Mon Sep 17 00:00:00 2001 > From: Nathaniel McCallum <npmccal...@redhat.com> > Date: Tue, 21 Jun 2016 14:19:03 -0400 > Subject: [PATCH] Add authentication indicators support to Host objects > > https://fedorahosted.org/freeipa/ticket/433 > --- > ipaserver/plugins/host.py | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py > index > 15805a3d2292dcf176ec52afdd3885563eea1210..905116e9c4d12c9e35bb82a5ff2c7bd8b920e80d > 100644 > --- a/ipaserver/plugins/host.py > +++ b/ipaserver/plugins/host.py > @@ -294,7 +294,7 @@ class host(LDAPObject): > 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname', > 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof', > 'managedby', 'memberofindirect', 'macaddress', > - 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', > + 'userclass', 'ipaallowedtoperform', 'ipaassignedidview', > 'krbprincipalauthind' > ] > uuid_attribute = 'ipauniqueid' > attribute_members = { > @@ -529,6 +529,14 @@ class host(LDAPObject): > label=_('Assigned ID View'), > flags=['no_option'], > ), > + Str('krbprincipalauthind*', > + cli_name='auth_ind', > + label=_('Authentication Indicators'), > + doc=_("Defines a whitelist for Authentication Indicators." > + " Use 'otp' to allow OTP-based 2FA authentications." > + " Use 'radius' to allow RADIUS-based 2FA authentications." > + " Other values may be used for custom configurations."), > + ), > ) + ticket_flags_params > > def get_dn(self, *keys, **options): > @@ -910,6 +918,13 @@ class host_mod(LDAPUpdate): > if 'krbticketpolicyaux' not in entry_attrs['objectclass']: > entry_attrs['objectclass'].append('krbticketpolicyaux') > > + if 'krbprincipalauthind' in entry_attrs: > + if 'objectclass' not in entry_attrs: > + entry_attrs_old = ldap.get_entry(dn, ['objectclass']) > + entry_attrs['objectclass'] = entry_attrs_old['objectclass'] > + if 'krbprincipalaux' not in entry_attrs['objectclass']: > + entry_attrs['objectclass'].append('krbprincipalaux') > + > add_sshpubkey_to_attrs_pre(self.context, attrs_list) > > return dn > -- > 2.9.0 > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code