Bug 1146860

Summary: [RFE] Offer OTP generation for host enrollment in the UI
Product: Red Hat Enterprise Linux 7
Reporter: David Jaša <djasa>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: medium
Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified
Version: 7.2
CC: enewland, jcholast, ksiddiqu, mkosek, mvarun, pvoborni, pvomacka, rcritten
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Enhancement
Doc Text:
IdM now supports OTP generation in the Web UI
Identity Management (IdM) now supports one-time password (OTP) generation when adding a host in the Web UI. Select the "Generate OTP" check box in the "Add host" dialog. After adding the host, a window displays the generated OTP. You can use this password to join the host to the domain. This procedure simplifies the process and provides a strong OTP. To override the OTP, navigate to the host's details page, click "Action", and select "Reset One-Time-Password".
Last Closed: 2016-11-04 05:44:10 UTC
Type: Bug
Attachments:
Description: Verified on ipa-server-4.4.0-12.el7.x86_64
Flags: none

Description David Jaša 2014-09-26 09:19:21 UTC
Description of problem:
Users are quite certain not to come up with random (high-entropy) passwords, let alone with high-entropy one-time passwords. IMHO IPA should at least offer to generate OTPs for host enrollment in the UI, or if there are no backward-compatibility concerns, use generation as a default method with custom OTPs as a user-requested fallback.

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5

How reproducible:
always

Steps to Reproduce:
1. add a host in the Web UI
2. set an Enrollment OTP for the host
3.

Actual results:
user is requested to type and retype the password

Expected results:
user should be offered a generated OTP by default

Additional info:

Comment 1 Jan Cholasta 2014-10-02 09:16:53 UTC
It is possible to request a random one-time password when adding a host in the CLI, so I guess it should be possible in the UI as well.

Comment 2 Jan Cholasta 2014-10-02 09:18:41 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4602

Comment 3 Martin Kosek 2015-10-07 12:42:23 UTC
This Bugzilla is a feature request and as such is not a good fit for IdM in RHEL-6 where IdM server is only being stabilized and new functionality is not being added.

I am thus moving the Bugzilla to RHEL-7.x series. When/if the RFE is implemented and you are interested in having it backported to IdM in RHEL-6, please clone a Bugzilla to RHEL-6 and provide business justification so that we can re-consider.

Comment 4 Petr Vobornik 2016-06-02 16:40:12 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/3b37e29ac6e918027b06e574c2c793f6c521100c

Comment 5 Petr Vobornik 2016-07-13 14:55:07 UTC
this bz was part of rebase

Comment 7 Varun Mylaraiah 2016-09-19 07:10:30 UTC
Created attachment 1202323
Verified on ipa-server-4.4.0-12.el7.x86_64

Comment 11 errata-xmlrpc 2016-11-04 05:44:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html