I've been struggling with this too.
Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround
the otp at sudo.
It's as always usability+angry users vs security.
On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users <
> Hi al,
> OTP using IPA 4.5 on CentOS seems to work well. However: I can force a
> user to use OTP and/or a host.
> Selecting a user, ALL authentication needs OTP. Since sudo in this case
> will ask for OTP also, this turn out quite inconvenient. Is is possible to
> select only certain services for OTP. for example:
> login using SSH --> OTP
> login ftp --> OTP
> console --> password only
> sudo --> password only
> FreeIPA-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Network Security Engineer
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org