Am Mon, May 20, 2024 at 06:32:31AM -0000 schrieb seojeong kim via FreeIPA-users: > on server side, ipauserauthtype set as password + otp. > [root@xxxxxx /]# ipa user-show ereen-test --raw | grep ipauserauthtype > ipauserauthtype: password > ipauserauthtype: otp > > > And I added new configuration in /etc/ssh/sshd_config on my host which is > ipa client is installed. > GSSAPIAuthentication yes
Hi, 'GSSAPIAuthentication' is not needed there, this is for Kerberos/GSSAPI base authentication. You should make sure that 'KbdInteractiveAuthentication' (or 'ChallengeResponseAuthentication' for older versions) is allowed. > > And /etc/sssd/sssd.conf > [prompting/password/sshd] > password_prompt = password : > [prompting/2fa/sshd] > first_prompt = first pwd : > second_prompt = second otp : > > But all the time, when I try ssh login with ereen-test, the prompt asks > "password :" > I expect 2 factor asking as I configured like below > first_prompt : > second_prompt : > > > Is there other configuration should I set more ? Additionally you should check your PAM configuration. The 'pam_sss.so' module should be the first to ask the IPA users for the password in the 'auth' block, otherwise other modules might just ask for 'Password'. HTH bye, Sumit > > > > > > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
