Hello all on the list!

Kind of an odd question, but management has asked me to try to find this
out.  We've been rolling out FreeIPA to replace OpenLDAP inside a
higher-security (PCI Compliant) part of our overall network.  One of the
things we would like to possibly do is require 2FA (using Yubikeys) for
certain machines within that network, without creating a second FreeIPA
domain.  For example, inside this domain we have jump hosts that will
require Yubikey 2FA to log in to, and from that point forward, Kerberos
would be used to move from one machine to another.  However, for 2 specific
machines, we'd like to require a second 2FA authentication to those to
provide some additional security.  Is this even possible?


Jeremy Utley
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to