Hide Forgot
Description of problem: Users are quite certain not to come up with random (high-entropy) passwords, let alone with high-entropy one time passwords. IMHO IPA should at least offer to generate OTPs for host enrollment in the UI, or if there are no backward-compatibility concerns, use generation as a default method with custom OTPs as a user-requested fallback Version-Release number of selected component (if applicable): ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5 How reproducible: always Steps to Reproduce: 1. add a host in the Web UI 2. set an Enrollment OTP for the host 3. Actual results: user is requested to type and retype the password Expected results: user should be offered with generated OTP by default Additional info:
It is possible to request a random one-time password when adding a host in the CLI, so I guess it should be possible in the UI as well.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4602
This Bugzilla is a feature request and as such is not a good fit for IdM in RHEL-6 where IdM server is only being stabilized and new functionality is not being added. I am thus moving the Bugzilla to RHEL-7.x series. When/if the RFE is implemented and you are interested in having it backported to IdM in RHEL-6, please clone a Bugzilla to RHEL-6 and provide business justification so that we can re-consider.
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/3b37e29ac6e918027b06e574c2c793f6c521100c
this bz was part of rebase
Created attachment 1202323 [details] Verified on ipa-server-4.4.0-12.el7.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html