Hide Forgot
Cloned from upstream: https://pagure.io/freeipa/issue/6900 I'm getting an error when I try to add a yubikey to a user. All of the commands below are run as root on the client. Any suggestions on what I'm doing wrong or how to debug this? ```text # ipa --version VERSION: 4.4.4, API_VERSION: 2.215 # ipa -v otptoken-add-yubikey --owner=alice ipa: INFO: trying https://test16.bbn.com/ipa/session/json ipa: ERROR: non-public: KeyError: 'ipatokenotpdigits' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 137, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 449, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 477, in __do_call ret = self.run(*args, **options) File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 800, in run return self.forward(*args, **options) File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken_yubikey.py", line 145, in forward cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits']) KeyError: 'ipatokenotpdigits' ipa: ERROR: an internal error has occurred # ipa -v user-show alice ipa: INFO: trying https://test16.bbn.com/ipa/json ipa: INFO: Forwarding 'user_show/1' to json server 'https://test16.bbn.com/ipa/json' User login: alice First name: Alice Last name: Test Home directory: /home/alice Login shell: /bin/sh Principal name: alice@BBN.COM Principal alias: alice@BBN.COM Email address: alice@bbn.com UID: 431600007 GID: 431600007 User authentication types: otp, password Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True ```
Upstream ticket: https://pagure.io/freeipa/issue/6900
Fixed upstream: ipa-4-5: * 749fc90d1fde0d012acb05ba64309f4a6ed63124 otptoken-add-yubikey: When --digits not provided use default value master: * e415da22f350fbda5b8b341bf2dc5f969cecb84a otptoken-add-yubikey: When --digits not provided use default value
Verified using IPA version :: ipa-server-4.5.0-12.el7.x86_64 [root@master1 ~]# ipa -v otptoken-add-yubikey --owner=testuser1 ipa: INFO: trying https://master1.testrelm.test/ipa/session/json ipa: INFO: Forwarding 'otptoken_add' to json server 'https://master1.testrelm.test/ipa/session/json' ------------------ Added OTP token "" ------------------ Unique ID: 2c4c3b8d-30db-4525-831b-b264634c8492 Type: HOTP Owner: testuser1 Vendor: YubiCo Model: YubiKey Serial: 4940772 Algorithm: sha1 Digits: 6 Counter: 0 YubiKey slot: 2 Marking BZ as verified.
Additional info: [root@master1 ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304