On Thu, 01 Apr 2021, Kevin Fenzi wrote:
On Thu, Apr 01, 2021 at 01:50:40PM +0300, Alexander Bokovoy wrote:
>
> This split of fields in FreeIPA Web UI exists since FreeIPA 4.0 which
> was part of early RHEL 7 deliveries (the code for separate OTP field was
> added in 2014).
>
> There is nothing specific about it -- Noggin developers simply missed
> this part, as well as they missed OTP token synchronization
> functionality.
Odd. I am looking at our "RED HAT IDENTITY MANAGEMENT" web interface and
it has a Username and a Password field and the Password field has
"Password or Password + One Time Password" in it.
Sorry, I mixed these things myself. Main password login screen has
only a password login field, not two. I mixed it up with the password
reset form where there is a separate OTP field.
Noggin can have a separate OTP field on the login screen, though. This
would be a UX optimization as currently you'd still need to pass both
values concatenated as a 'password' to the server in the login POST
request. Once we add prompting support to kinit, though, we would be
able to pass the OTP token value separately and could add a separate OTP
value field to the server login form.
> library. SSSD does use them, so it is possible to change password
> through SSSD with separate prompts.
>
> Improving 'kpasswd' and 'kinit' utilities is on my todo list as I'll
> need this for other use cases as well.
Cool. I'll investigate if we want to make this case easier.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland