We have users who have otp set. I want to require them to use it except in one specific situation, where I want to be able to use a keytable to generate credentials for them (which have to work for all services).
Can anyone think of a way to do this? Auth indicators doesn't seem to do the job, since it looks like a constraint on using the ticket, where I'm concerned with how it's generated. The only thing I've come up with is setting the directory server to override ipaUserAuthType for that host. There's got to be a better way.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
