Am Thu, Dec 23, 2021 at 01:13:32PM +0100 schrieb Winfried de Heiden via FreeIPA-users: > Hi all, > > Using FreeIPA, 2FA can be made optional by enabling "Password" AND "Two > factor authentication (password + OTP)" for a user. For particular hosts the > 2FA now can be made mandatory by enabling "Two factor authentication > (password + OTP)" > > Now, for hosts for which 2FA is NOT mandatory, according to the man pages, > 2FA can be made "invissible" by using the "single_prompt" option. In man > sssd.conf: > > "If the second factor is optional and it should be possible to log in either > only with the password or with both factors two-step prompting has to be > used."
Hi, the sentence from the man page is not part of the description of the 'single_prompt' option but a general comment for '[prompting/2fa]'. And it means that in your case 'single_prompt' won't work because "two-step prompting" with first and second factor "has to be used". HTH bye, Sumit > > However, this doesn't work. When using the "single_prompt" login will fail. > Using two prompts, and just press enter for the second 2FA prompt, login > will succeed. > > Hence: did I forget something or is there a bug involved? > > FYI: tested on CentOS Stream9 > > > -- > email handtekening privé Met vriendelijke groet, > > Winfried de Heiden > [email protected] > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
