Bug 1451279 - otptoken-add-yubikey KeyError: 'ipatokenotpdigits'
Summary: otptoken-add-yubikey KeyError: 'ipatokenotpdigits'
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Abhijeet Kasurde
Depends On:
TreeView+ depends on / blocked
Reported: 2017-05-16 09:50 UTC by Petr Vobornik
Modified: 2017-08-01 09:50 UTC (History)
7 users (show)

Fixed In Version: ipa-4.5.0-12.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-08-01 09:50:15 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Petr Vobornik 2017-05-16 09:50:42 UTC
Cloned from upstream: https://pagure.io/freeipa/issue/6900

I'm getting an error when I try to add a yubikey to a user.  All of the commands below are run as root on the client.  Any suggestions on what I'm doing wrong or how to debug this?
# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215

# ipa -v otptoken-add-yubikey --owner=alice
ipa: INFO: trying https://test16.bbn.com/ipa/session/json
ipa: ERROR: non-public: KeyError: 'ipatokenotpdigits'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken_yubikey.py", line 145, in forward
    cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
KeyError: 'ipatokenotpdigits'
ipa: ERROR: an internal error has occurred

# ipa -v user-show alice
ipa: INFO: trying https://test16.bbn.com/ipa/json
ipa: INFO: Forwarding 'user_show/1' to json server 'https://test16.bbn.com/ipa/json'
  User login: alice
  First name: Alice
  Last name: Test
  Home directory: /home/alice
  Login shell: /bin/sh
  Principal name: alice@BBN.COM
  Principal alias: alice@BBN.COM
  Email address: alice@bbn.com
  UID: 431600007
  GID: 431600007
  User authentication types: otp, password
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

Comment 2 Petr Vobornik 2017-05-16 09:53:09 UTC
Upstream ticket:

Comment 3 Martin Bašti 2017-05-16 09:57:01 UTC
Fixed upstream:
* 749fc90d1fde0d012acb05ba64309f4a6ed63124 otptoken-add-yubikey: When --digits not provided use default value

* e415da22f350fbda5b8b341bf2dc5f969cecb84a otptoken-add-yubikey: When --digits not provided use default value

Comment 9 Abhijeet Kasurde 2017-05-18 09:48:43 UTC
Verified using IPA version :: ipa-server-4.5.0-12.el7.x86_64

[root@master1 ~]# ipa -v otptoken-add-yubikey --owner=testuser1
ipa: INFO: trying https://master1.testrelm.test/ipa/session/json
ipa: INFO: Forwarding 'otptoken_add' to json server 'https://master1.testrelm.test/ipa/session/json'
Added OTP token ""
  Unique ID: 2c4c3b8d-30db-4525-831b-b264634c8492
  Type: HOTP
  Owner: testuser1
  Vendor: YubiCo
  Model: YubiKey
  Serial: 4940772
  Algorithm: sha1
  Digits: 6
  Counter: 0
  YubiKey slot: 2

Marking BZ as verified.

Comment 10 Abhijeet Kasurde 2017-05-18 09:57:07 UTC
Additional info: 
[root@master1 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Comment 11 errata-xmlrpc 2017-08-01 09:50:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.