Steven Jones wrote:

Is it possible to use the freeipa API and an external program to do one time
passwords? (password is sent by the external app, sms to smartphone).

Not yet. The problem is lack of support in the KDC and this is being actively worked on.

We did a proof-of-concept at the Red Hat Summit a couple of years ago using a Yubikey as the OTP source. It was, as they say in New England, wicked cool.

It was very much hardcoded though. AFAIK they are working on a plugin interface to make this much easier to do. A lot of the work is being done here:


