On Mon, 2014-12-01 at 22:15 +0100, Jakub Hrozek wrote:
Hi,
the attached patch fixes chpass for OTP users for me. I hope looking at
the ipaUserAuthType attribute is acceptable.
The attribute is undocumented on purpose -- I don't see a reason for the
user to set this attribute to a different value and the description would
just clutter the (already too complex) sssd-ldap man page.
I'm open to adding the attribute to the configAPI, though.
I'm very thankful for a quick fix!
I haven't tested it. However, part of me is loath to special case OTP
in this way. I admit, this case isn't bad. But ipaUserAuthType does not
technically indicate which method was used, only which methods are
possible. For instance, if ipaUserAuthType == "otp" and "password", the
user could use either one (not currently, but that is the plan).
It seems to me that reusing credentials is always wrong.
What is CHAUTHTOK anyway?
Nathaniel