https://fedorahosted.org/freeipa/ticket/5703
Patch attached.
From 647a8b1ae11e6bd65cdaf2be2062d10d0e0b92cc Mon Sep 17 00:00:00 2001 From: Martin Basti <[email protected]> Date: Thu, 10 Mar 2016 19:01:33 +0100 Subject: [PATCH] client: enable ChallengeResponseAuthentication in sshd_config In order to enable SSSD smart prompting and allow it to ask for 1FA and 2FA separately, ChallengeResponseAuthentication should be set to yes. This change will enable better processing of the 2FA value and it will also enable other features, like allow SSSD to make the 2FA option in some cases and have a way of informing user that 2FA is optional. https://fedorahosted.org/freeipa/ticket/5703 --- client/ipa-client-install | 1 + 1 file changed, 1 insertion(+) diff --git a/client/ipa-client-install b/client/ipa-client-install index f42d877559365af3d8def3cab9b204cdb5eb919e..82e5c4cb0d61a3772fea772482db9a9759b5ff71 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -1399,6 +1399,7 @@ def configure_sshd_config(fstore, options): 'KerberosAuthentication': 'no', 'GSSAPIAuthentication': 'yes', 'UsePAM': 'yes', + 'ChallengeResponseAuthentication': 'yes', } if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS): -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
