Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ykman fido access change-pin - Does not return result #577

Closed
del-leehopper opened this issue Nov 16, 2023 · 4 comments
Closed

ykman fido access change-pin - Does not return result #577

del-leehopper opened this issue Nov 16, 2023 · 4 comments

Comments

@del-leehopper
Copy link

  • YubiKey Manager (ykman) version: YubiKey Manager (ykman) version: 5.2.1 (Also tried on 5.1.1)
  • How was it installed?: yubikey-manager-5.2.1-win64.msi
  • Operating system and version: Windows 10 22H2 (OS Build 19045.3693)
  • YubiKey model and version: YubiKey 5C NFC 5.4.3
  • Bug description summary: Command ykman fido access change-pin does not return result

Steps to reproduce

  1. Open CMD in Administrator mode
  2. Run the following command: ykman fido access change-pin
  3. Change/set the pin

Expected result

I expect a dialog that says something like "FIDO password updated" similar if you run the following command: ykman oath access change

Actual results and logs

There is no output for a confirmation that the change has worked.
There is an output if there is an error. For example, if you enter the wrong confirmation password you get the following:
Error: The two entered values do not match. Enter your new PIN:
Therefore you are questioning if the command ran correctly or not, and can only know by testing FIDO with your new password.

Other info

None
@del-leehopper
Copy link
Author

Not sure if I should create a new "Issue" but I also found the same for ykman config set-lock-code. No confirmation of if it has been set correctly, but I do get error messages.

@dainnilsson
Copy link
Member

There are different schools of thought on this, each with pros and cons. Traditionally a UNIX command line tool does not output anything on success, which is generally useful when scripting. On the other hand, not giving the user any feedback here can be confusing.

That said, the tool currently isn't consistent in either approach (output info on success, or only on failure) which is clearly not desirable, and should be changed. We should evaluate which approach to take, and then implement it consistently across the different commands.

@del-leehopper
Copy link
Author

@dainnilsson I agree. Inconsistency breads uncertainty.

Perhaps the use of the --force flag could be used to define if there is an output or not? e.g. if --force is used, then output nothing on success, however, if --force is not used, then output a feedback result. Best of both worlds in that case.

@dainnilsson
Copy link
Member

After some additional though on this we determined that having output for all successful commands would be more helpful than not. We've now released 5.5.0, and as part of that release we have added output to commands which did not already produce output. The exception to this is when a command outputs a file and the user chooses to redirect that file to stdout.

Hopefully this resolves the issue. If you find any command which still do not produce any output, please let us know by opening a new issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dainnilsson @del-leehopper