Steven Jones wrote:
Is it possible to use the freeipa API and and external program to do one time
passwords? (password is sent by the external app, sms to smartphone).
Not yet. The problem is lack of support in the KDC and this is being
actively worked on.
We did a proof-of-concept at the Red Hat Summit a couple of years ago
using a Yubikey as the OTP source. It was, as they say in New England,
It was very much hardcoded though. AFAIK they are working on a plugin
interface to make this much easier to do. A lot of the work is being
done here: https://fedorahosted.org/AuthHub/
Freeipa-users mailing list