On ma, 26 helmi 2018, Winfried de Heiden wrote:
Hi all,

What about an RFE on this :)
See my other response. It isn't done just for fun, there is a
fundamental issue of authorization made at authentication time
when there is not enough information about a target to authorize.


Winfried

-----Oorspronkelijke bericht-----

Datum: Fri, 23 Feb 2018 16:54:45 +0200
Onderwerp: Re: [Freeipa-users] OTP for specific services only
Cc: Winfried de Heiden <w...@dds.nl>
Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Van: Alexander Bokovoy <aboko...@redhat.com>
On pe, 23 helmi 2018, Winfried de Heiden via FreeIPA-users wrote:
Hi al,

OTP using IPA 4.5 on CentOS seems to work well. However: I can force
a user to
use OTP and/or a host.

Selecting a user, ALL authentication needs OTP. Since sudo in this
case will
ask for OTP also, this turn out quite inconvenient. Is is possible to
select
only certain services for OTP. for example:

login using SSH --&gt; OTP
login ftp --&gt; OTP
console --&gt; password only
sudo --&gt; password only

Not possible right now, sorry.


--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to