Kevin Cassar via FreeIPA-users wrote: > Hi all, > > In my setup I have TOTP (software token) enabled, and it works as intended. > My only concern is, that I want only the "admin" to be able to generate > software tokens, that they later can assign to users. > Essentially, I want to do away with user-managed tokens, and only have > administrator-managed tokens. I was wondering if such a thing is possible?
It would involve deleting the acis that grant the add/modify rights. This isn't something we've tested so there could be dragons. These are actual 389-ds acis and not represented as permissions for reasons I don't know. You'd have to use ldapmodify or your favorite LDAP editor to remove the acis. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
