Thanks Sumit, This looks like what we're after, I'll follow up after some testing.
Aaron -----Original Message----- From: Sumit Bose via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org] Sent: Friday, 17 November 2017 9:06 PM To: freeipa-users@lists.fedorahosted.org Cc: Sumit Bose <sb...@redhat.com> Subject: [Freeipa-users] Re: Enabling two-factor by host On Fri, Nov 17, 2017 at 04:09:01AM +0000, Aaron Hicks via FreeIPA-users wrote: > Hello the list, > > Is it possible to enable two-factor authentication using Google Authenticator > on FreeIPA on specific hosts or groups of hosts? > > Alternatively, are there any recommendations on modifying the Pam > configuration on these 2FA required machines to grab the OTP token from > FreeIPA when a user logs in? Please check if authentication indicators is waht you are looking for, see e.g. https://blog.delouw.ch/2016/10/16/freeipa-selective-2fa-authentication-indicators/ for details, look especially for 'Enforcing 2FA on a host principal'. HTH bye, Sumit > > Regards, > > Aaron > > Get Outlook for iOS<https://aka.ms/o0ukef> > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org