On ma, 26 helmi 2018, Winfried de Heiden wrote:
Hi all,

What about an RFE on this :)
See my other response. It isn't done just for fun, there is a
fundamental issue of authorization made at authentication time
when there is not enough information about a target to authorize.


-----Oorspronkelijke bericht-----

Datum: Fri, 23 Feb 2018 16:54:45 +0200
Onderwerp: Re: [Freeipa-users] OTP for specific services only
Cc: Winfried de Heiden <w...@dds.nl>
Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Van: Alexander Bokovoy <aboko...@redhat.com>
On pe, 23 helmi 2018, Winfried de Heiden via FreeIPA-users wrote:
Hi al,

OTP using IPA 4.5 on CentOS seems to work well. However: I can force
a user to
use OTP and/or a host.

Selecting a user, ALL authentication needs OTP. Since sudo in this
case will
ask for OTP also, this turn out quite inconvenient. Is is possible to
only certain services for OTP. for example:

login using SSH --&gt; OTP
login ftp --&gt; OTP
console --&gt; password only
sudo --&gt; password only

Not possible right now, sorry.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to