Thanks Sam. I'll explain my case better.

- We didn't define a default authentication method for user and for host/service
- For all defined users we enabled only the OTP method (we want all users to use 2 factor)
- All users have to use OTP to log in to each enrolled host
- Our VPN system uses LDAP (FreeIPA server) to authenticate the users (users defined with OTP), then the users need to use password+OTP to start the VPN client --> the LDAP client (VPN server) is not enrolled, it is not possible (Forcepoint)

My target is:

- force the users to use OTP to start the VPN and not to use OTP (only password) to log in to all other hosts in the virtual private network.

Any ideas?

Thanks
