IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
6cfb9d73d9701767d8b76d7ff5bbc080a6be9386
freeipa/ipalib/plugins/otpconfig.py
Jan Cholasta cd5ecdbaee help, makeapi: specify module topic by name 
Specify module topic by name rather than by name and summary. A topic
module of the topic name must exist. Summary is extracted from the
docstring of the topic module.

This changes makes topic handling more generic and consistent between
modules and commands.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00

122 lines
3.6 KiB
Python
Raw Blame History

# Authors:
# Nathaniel McCallum <npmccallum@redhat.com>
#
# Copyright (C) 2014 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import _, api, Int
from ipalib.plugable import Registry
from .baseldap import DN, LDAPObject, LDAPUpdate, LDAPRetrieve
__doc__ = _("""
OTP configuration
Manage the default values that IPA uses for OTP tokens.
EXAMPLES:
Show basic OTP configuration:
ipa otpconfig-show
Show all OTP configuration options:
ipa otpconfig-show --all
Change maximum TOTP authentication window to 10 minutes:
ipa otpconfig-mod --totp-auth-window=600
Change maximum TOTP synchronization window to 12 hours:
ipa otpconfig-mod --totp-sync-window=43200
Change maximum HOTP authentication window to 5:
ipa hotpconfig-mod --hotp-auth-window=5
Change maximum HOTP synchronization window to 50:
ipa hotpconfig-mod --hotp-sync-window=50
""")
register = Registry()
topic = 'otp'
@register()
class otpconfig(LDAPObject):
object_name = _('OTP configuration options')
default_attributes = [
'ipatokentotpauthwindow',
'ipatokentotpsyncwindow',
'ipatokenhotpauthwindow',
'ipatokenhotpsyncwindow',
]
container_dn = DN(('cn', 'otp'), ('cn', 'etc'))
permission_filter_objectclasses = ['ipatokenotpconfig']
managed_permissions = {
'System: Read OTP Configuration': {
'replaces_global_anonymous_aci': True,
'ipapermbindruletype': 'all',
'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': {
'ipatokentotpauthwindow', 'ipatokentotpsyncwindow',
'ipatokenhotpauthwindow', 'ipatokenhotpsyncwindow',
'cn',
},
},
}
label = _('OTP Configuration')
label_singular = _('OTP Configuration')
takes_params = (
Int('ipatokentotpauthwindow',
cli_name='totp_auth_window',
label=_('TOTP authentication Window'),
doc=_('TOTP authentication time variance (seconds)'),
minvalue=5,
),
Int('ipatokentotpsyncwindow',
cli_name='totp_sync_window',
label=_('TOTP Synchronization Window'),
doc=_('TOTP synchronization time variance (seconds)'),
minvalue=5,
),
Int('ipatokenhotpauthwindow',
cli_name='hotp_auth_window',
label=_('HOTP Authentication Window'),
doc=_('HOTP authentication skip-ahead'),
minvalue=1,
),
Int('ipatokenhotpsyncwindow',
cli_name='hotp_sync_window',
label=_('HOTP Synchronization Window'),
doc=_('HOTP synchronization skip-ahead'),
minvalue=1,
),
)
def get_dn(self, *keys, **kwargs):
return self.container_dn + api.env.basedn
@register()
class otpconfig_mod(LDAPUpdate):
__doc__ = _('Modify OTP configuration options.')
@register()
class otpconfig_show(LDAPRetrieve):
__doc__ = _('Show the current OTP configuration.')
Reference in New Issue View Git Blame Copy Permalink