On Суб, 24 лют 2024, Lenard Pasztor via FreeIPA-users wrote:
Update2:
Yes, the kdc.conf modification solved the problem, but now I got new
push notifications in every 5 seconds until I hit the approve (or
timeout exceeded. So the duo radius proxy receiving a new try in every
5 seconds. So there is an another timeout. Can somebody give a
suggestion where to look for it?
[root@idm-0 /]# ipa radiusproxy-show duo
RADIUS proxy server name: duo
Description: duo
Server: 10.15.0.32
Timeout: 30
Retries: 0
You already found 'otp' pre-authentication mechanism's configuration.
https://github.com/krb5/krb5/blob/master/src/plugins/preauth/otp/otp_state.c#L239-L250
So technically the retries and timeout from the DEFAULT otp
configuration in kdc.conf should be governing it.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
