[Freeipa-devel] [PATCH 0056] Add otptoken-sync command
Nathaniel McCallum
npmccallum at redhat.com
Tue Jun 24 19:42:14 UTC 2014
On Tue, 2014-06-24 at 21:40 +0200, Martin Kosek wrote:
> On 06/24/2014 06:44 PM, Alexander Bokovoy wrote:
> > On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
> >> On Tue, 2014-06-24 at 19:34 +0300, Alexander Bokovoy wrote:
> >>> On Tue, 24 Jun 2014, Nathaniel McCallum wrote:
> >>> >On Tue, 2014-06-24 at 15:39 +0300, Alexander Bokovoy wrote:
> >>> >> On Tue, 03 Jun 2014, Nathaniel McCallum wrote:
> >>> >> >On Tue, 2014-06-03 at 10:27 +0200, Petr Vobornik wrote:
> >>> >> >> On 3.6.2014 05:08, Nathaniel McCallum wrote:
> >>> >> >> > This command calls the token sync HTTP POST call in the server
> >>> providing
> >>> >> >> > the CLI interface to synchronization.
> >>> >> >> >
> >>> >> >> > https://fedorahosted.org/freeipa/ticket/4260
> >>> >> >> >
> >>> >> >> > This patch depends on my patch #0055.
> >>> >> >> >
> >>> >> >>
> >>> >> >> Build fails on validation. You forgot to update API.txt and also the
> >>> >> >> command misses __doc__.
> >>> >> >>
> >>> >> >> (not a proper review)
> >>> >> Failed for me:
> >>> >>
> >>> >> [root at ipa-01 rpms]# ipa otptoken-show test.token
> >>> >> Unique ID: test.token
> >>> >> Description: test token
> >>> >> Owner: abbra
> >>> >> Vendor: FreeIPA
> >>> >> Model: hotp
> >>> >> [root at ipa-01 rpms]# ipa otptoken-sync abbra --token=test.token
> >>> >> Password:
> >>> >> First Code:
> >>> >> Second Code:
> >>> >> ipa: ERROR: non-public: IOError: ('http error', 401, 'Unauthorized',
> >>> >> <httplib.HTTPMessage instance at 0x2cdde60>)
> >>> >> Traceback (most recent call last):
> >>> >> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129,
> >>> >> in execute
> >>> >> result = self.Command[_name](*args, **options)
> >>> >> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439,
> >>> >> in __call__
> >>> >> ret = self.run(*args, **options)
> >>> >> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1118,
> >>> >> in run
> >>> >> return self.forward(*args, **options)
> >>> >> File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py",
> >>> >> line 427, in forward
> >>> >> rsp = urllib.urlopen(sync_uri, query)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 89, in urlopen
> >>> >> return opener.open(url, data)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 210, in open
> >>> >> return getattr(self, name)(url, data)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 454, in open_https
> >>> >> data)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 374, in http_error
> >>> >> result = method(url, fp, errcode, errmsg, headers, data)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 689, in http_error_401
> >>> >> errcode, errmsg, headers)
> >>> >> File "/usr/lib64/python2.7/urllib.py", line 381, in http_error_default
> >>> >> raise IOError, ('http error', errcode, errmsg, headers)
> >>> >> IOError: ('http error', 401, 'Unauthorized', <httplib.HTTPMessage
> >>> instance at 0x2cdde60>)
> >>> >> ipa: ERROR: an internal error has occurred
> >>> >>
> >>> >> Note that I can successfully use the token. It looks like authentication
> >>> >> with urllib.urlopen(sync_uri, query) fails.
> >>> >
> >>> >Works for me (just tested). I suspect you have not updated the ipa httpd
> >>> >config. Did you apply patches 0054, 0055 and 0056?
> >>> Yes, I did apply those patches and I installed packages as an upgrade.
> >>> How I supposed to update httpd config? I think we need to solve this
> >>> without re-install and it should be done automatically.
> >>
> >> Oh. I thought it *was* done automatically...
> > No. You only modified the template which is used for an install from
> > scratch.
>
> It *will* get updated automatically if you bump the "VERSION" on the first line
> of install/conf/ipa.conf.
Yup, I figured that out about 15 minutes ago by looking at your past
commits. :)
Nathaniel
More information about the Freeipa-devel
mailing list