Red Hat Bugzilla – Bug 1451279
otptoken-add-yubikey KeyError: 'ipatokenotpdigits'
Last modified: 2017-08-01 05:50:15 EDT
Cloned from upstream: https://pagure.io/freeipa/issue/6900

I'm getting an error when I try to add a yubikey to a user. All of the commands below are run as root on the client. Any suggestions on what I'm doing wrong or how to debug this?

```text
# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215
# ipa -v otptoken-add-yubikey --owner=alice
ipa: INFO: trying https://test16.bbn.com/ipa/session/json
ipa: ERROR: non-public: KeyError: 'ipatokenotpdigits'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken_yubikey.py", line 145, in forward
    cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
KeyError: 'ipatokenotpdigits'
ipa: ERROR: an internal error has occurred
# ipa -v user-show alice
ipa: INFO: trying https://test16.bbn.com/ipa/json
ipa: INFO: Forwarding 'user_show/1' to json server 'https://test16.bbn.com/ipa/json'
  User login: alice
  First name: Alice
  Last name: Test
  Home directory: /home/alice
  Login shell: /bin/sh
  Principal name: alice@BBN.COM
  Principal alias: alice@BBN.COM
  Email address: alice@bbn.com
  UID: 431600007
  GID: 431600007
  User authentication types: otp, password
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
```
Upstream ticket: https://pagure.io/freeipa/issue/6900
Fixed upstream:

ipa-4-5:
* 749fc90d1fde0d012acb05ba64309f4a6ed63124 otptoken-add-yubikey: When --digits not provided use default value

master:
* e415da22f350fbda5b8b341bf2dc5f969cecb84a otptoken-add-yubikey: When --digits not provided use default value
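The failure mode in this report, modelled as an added example (not FreeIPA code and not the upstream patch): an optional option read by subscript fails when it is omitted, while the second version resolves a default first and forwards the same value so the programmed slot and the server-side token record agree. `FakeSlotConfig`, `forward_before`, `forward_after`, `resolve_digits` and the allowed lengths `(6, 8)` are assumptions made for illustration; only `mode_oath_hotp` and `ipatokenotpdigits` come from the traceback.

```python
# Constructed model of the client-side failure; not FreeIPA code.
DEFAULT_DIGITS = 6        # the verified run on this page shows "Digits: 6"
ALLOWED_DIGITS = (6, 8)   # assumption: OTP lengths the device mode accepts


class FakeSlotConfig:
    """Hypothetical stand-in for the YubiKey slot configuration object."""

    def __init__(self):
        self.programmed = None

    def mode_oath_hotp(self, key, digits):
        self.programmed = (key, digits)


def forward_before(cfg, key, **kwargs):
    # Same access pattern as the traceback: subscripting an option the
    # user may not have passed raises KeyError in the client plugin.
    cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
    return cfg.programmed


def resolve_digits(kwargs):
    """Return the OTP length to use, falling back to the default."""
    digits = kwargs.get('ipatokenotpdigits')
    if digits is None:
        digits = DEFAULT_DIGITS
    if digits not in ALLOWED_DIGITS:
        raise ValueError('unsupported OTP length: %r' % (digits,))
    return digits


def forward_after(cfg, key, **kwargs):
    digits = resolve_digits(kwargs)
    cfg.mode_oath_hotp(key, digits)
    # Send the resolved value on, so the token record on the server and
    # the programmed slot cannot disagree about the OTP length.
    request = dict(kwargs, ipatokenotpdigits=digits)
    return cfg.programmed, request


if __name__ == '__main__':
    try:
        forward_before(FakeSlotConfig(), b'constructed-key', owner='alice')
    except KeyError as exc:
        print('before:', repr(exc))
    print('after: ', forward_after(FakeSlotConfig(), b'constructed-key', owner='alice'))
```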
Verified using IPA version :: ipa-server-4.5.0-12.el7.x86_64

```text
[root@master1 ~]# ipa -v otptoken-add-yubikey --owner=testuser1
ipa: INFO: trying https://master1.testrelm.test/ipa/session/json
ipa: INFO: Forwarding 'otptoken_add' to json server 'https://master1.testrelm.test/ipa/session/json'
------------------
Added OTP token ""
------------------
  Unique ID: 2c4c3b8d-30db-4525-831b-b264634c8492
  Type: HOTP
  Owner: testuser1
  Vendor: YubiCo
  Model: YubiKey
  Serial: 4940772
  Algorithm: sha1
  Digits: 6
  Counter: 0
  YubiKey slot: 2
```

Marking BZ as verified.
Additional info:

```text
[root@master1 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
```
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304