[Freeipa-devel] [PATCH 0056] Add otptoken-sync command

Nathaniel McCallum npmccallum at redhat.com
Tue Jun 24 16:26:19 UTC 2014 

On Tue, 2014-06-24 at 15:39 +0300, Alexander Bokovoy wrote:
> On Tue, 03 Jun 2014, Nathaniel McCallum wrote:
> >On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
> >> On 3.6.2014 05:08, Nathaniel McCallum wrote:
> >> > This command calls the token sync HTTP POST call in the server providing
> >> > the CLI interface to synchronization.
> >> >
> >> > https://fedorahosted.org/freeipa/ticket/4260
> >> >
> >> > This patch depends on my patch #0055.
> >> >
> >>
> >> Build fails on validation. You forgot to update API.txt and also the
> >> command misses __doc__.
> >>
> >> (not a proper review)
> Failed for me:
> 
> [root at ipa-01 rpms]# ipa otptoken-show test.token
>   Unique ID: test.token
>   Description: test token
>   Owner: abbra
>   Vendor: FreeIPA
>   Model: hotp
> [root at ipa-01 rpms]# ipa otptoken-sync abbra --token=test.token 
> Password: 
> First Code: 
> Second Code: 
> ipa: ERROR: non-public: IOError: ('http error', 401, 'Unauthorized',
> <httplib.HTTPMessage instance at 0x2cdde60>)
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129,
> in execute
>     result = self.Command[_name](*args, **options)
>   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439,
> in __call__
>     ret = self.run(*args, **options)
>   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1118,
> in run
>     return self.forward(*args, **options)
>   File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py",
> line 427, in forward
>     rsp = urllib.urlopen(sync_uri, query)
>   File "/usr/lib64/python2.7/urllib.py", line 89, in urlopen
>     return opener.open(url, data)
>   File "/usr/lib64/python2.7/urllib.py", line 210, in open
>     return getattr(self, name)(url, data)
>   File "/usr/lib64/python2.7/urllib.py", line 454, in open_https
>     data)
>   File "/usr/lib64/python2.7/urllib.py", line 374, in http_error
>     result = method(url, fp, errcode, errmsg, headers, data)
>   File "/usr/lib64/python2.7/urllib.py", line 689, in http_error_401
>     errcode, errmsg, headers)
>   File "/usr/lib64/python2.7/urllib.py", line 381, in http_error_default
>     raise IOError, ('http error', errcode, errmsg, headers)
> IOError: ('http error', 401, 'Unauthorized', <httplib.HTTPMessage instance at 0x2cdde60>)
> ipa: ERROR: an internal error has occurred
> 
> Note that I can successfully use the token. It looks like authentication
> with urllib.urlopen(sync_uri, query) fails.

Works for me (just tested). I suspect you have not updated the ipa httpd
config. Did you apply patches 0054, 0055 and 0056?

Nathaniel

More information about the Freeipa-devel mailing list