From 5baa9413177c624be8398f6a23614e2ce0bdbba3 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Thu, 8 May 2014 11:06:16 -0400 Subject: Implement OTP token importing This patch adds support for importing tokens using RFC 6030 key container files. This includes decryption support. For sysadmin sanity, any tokens which fail to add will be written to the output file for examination. The main use case here is where a small subset of a large set of tokens fails to validate or add. Using the output file, the sysadmin can attempt to recover these specific tokens. This code is implemented as a server-side script. However, it doesn't actually need to run on the server. This was done because importing is an odd fit for the IPA command framework: 1. We need to write an output file. 2. The operation may be long-running (thousands of tokens). 3. Only admins need to perform this task and it only happens infrequently. https://fedorahosted.org/freeipa/ticket/4261 Reviewed-By: Alexander Bokovoy --- freeipa.spec.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'freeipa.spec.in') diff --git a/freeipa.spec.in b/freeipa.spec.in index e19fd2a19..4631a5936 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -305,6 +305,7 @@ Requires: python-netaddr Requires: libipa_hbac-python Requires: python-qrcode Requires: python-pyasn1 +Requires: python-dateutil Obsoletes: ipa-python >= 1.0 @@ -638,6 +639,7 @@ fi %{_sbindir}/ipa-csreplica-manage %{_sbindir}/ipa-server-certinstall %{_sbindir}/ipa-ldap-updater +%{_sbindir}/ipa-otptoken-import %{_sbindir}/ipa-compat-manage %{_sbindir}/ipa-nis-manage %{_sbindir}/ipa-managed-entries -- cgit