Bug 1146860 - [RFE] Offer OTP generation for host enrollment in the UI
Summary: [RFE] Offer OTP generation for host enrollment in the UI
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa   
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
Marc Muehlfeld
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
 
Reported: 2014-09-26 09:19 UTC by David Jaša
Modified: 2016-11-04 05:44 UTC

Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Enhancement
Doc Text:
IdM now supports OTP generation in the Web UI

Identity Management (IdM) now supports one-time password (OTP) generation when adding a host in the Web UI. Select the "Generate OTP" check box in the "Add host" dialog. After adding the host, a window displays the generated OTP. You can use this password to join the host to the domain. This procedure simplifies the process and provides a strong OTP. To override the OTP, navigate to the host's details page, click "Action", and select "Reset One-Time-Password".
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-04 05:44:10 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments
Verified on ipa-server-4.4.0-12.el7.x86_64 (26.57 KB, image/png)
2016-09-19 07:10 UTC, Varun Mylaraiah


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description David Jaša 2014-09-26 09:19:21 UTC
Description of problem:
Users are quite certain not to come up with random (high-entropy) passwords, let alone with high-entropy one-time passwords. IMHO IPA should at least offer to generate OTPs for host enrollment in the UI, or if there are no backward-compatibility concerns, use generation as a default method with custom OTPs as a user-requested fallback.

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5

How reproducible:
always

Steps to Reproduce:
1. add a host in the Web UI
2. set an Enrollment OTP for the host
3.

Actual results:
user is requested to type and retype the password

Expected results:
user should be offered a generated OTP by default

Additional info:

Comment 1 Jan Cholasta 2014-10-02 09:16:53 UTC
It is possible to request a random one-time password when adding a host in the CLI, so I guess it should be possible in the UI as well.

Comment 2 Jan Cholasta 2014-10-02 09:18:41 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4602

Comment 3 Martin Kosek 2015-10-07 12:42:23 UTC
This Bugzilla is a feature request and as such is not a good fit for IdM in RHEL-6 where IdM server is only being stabilized and new functionality is not being added.

I am thus moving the Bugzilla to RHEL-7.x series. When/if the RFE is implemented and you are interested in having it backported to IdM in RHEL-6, please clone a Bugzilla to RHEL-6 and provide business justification so that we can re-consider.

Comment 4 Petr Vobornik 2016-06-02 16:40:12 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/3b37e29ac6e918027b06e574c2c793f6c521100c

Comment 5 Petr Vobornik 2016-07-13 14:55:07 UTC
this bz was part of rebase

Comment 7 Varun Mylaraiah 2016-09-19 07:10 UTC
Created attachment 1202323
Verified on ipa-server-4.4.0-12.el7.x86_64

Comment 11 errata-xmlrpc 2016-11-04 05:44:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

