Hello again list, Is it possible to differentiate between a kerberos ticket that was granted with OTP vs one that would not (for the purpose of requiring it for `ipa some-privileged command` )
Aim: Protect servers with OTP but not always require it for workstations. But to require OTP for the privilege that ipa commands afford powerful users from their workstation. Other potential avenues (full admission - less research performed) - I'd be interested in would be periodic requirements for OTP, but not for say screen unlock events. Thanks as always, David
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
