#4697 Admins can't delete their last token even though they are admins
Closed: Fixed. Opened 9 years ago by ctria.

That is expected behaviour, but how to delete the last token of an admin is not that clear and needs to be documented. There are 2 options:

a) Via a second admin account

b) Via ldapdelete:

$ ldapdelete -D 'cn=Directory Manager' -W ipatokenUniqueID=<token id>,cn=otp,<suffix>

This is as designed. However, we need to:
1. Document the above recovery methods.
2. Permit deletion of the last token if the user has the password user auth type configured.

master:

  • bdccb0c Preliminary refactoring of libotp files
  • 953c684 Move authentication configuration cache into libotp
  • 08f8acd Enable last token deletion when password auth type is configured

ipa-4-1:

  • b4e85d0 Preliminary refactoring of libotp files
  • faa4d72 Move authentication configuration cache into libotp
  • a0421d8 Enable last token deletion when password auth type is configured

Metadata Update from @ctria:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1.3

7 years ago
