The FreeIPA team is happy to welcome you to a Fedora Test Day that is
being held on Thursday, June 6th.

We invite you to take part in testing of the new OTP authentication
feature that will become available in upcoming FreeIPA 3.2 upstream
release and will be a part of Fedora 19. The feature is based on the new
extended capabilities of the MIT Kerberos [1] and 389 directory server [2].

The feature would allow users to authenticate against FreeIPA and
acquire Kerberos tickets using either OTP tokens issued by 3rd party
vendors or by FreeIPA server itself.

In the case the token is provided by a 3rd party vendor like RSA, VASCO,
Yubico, etc. the authentication data is forwarded to the external 
authentication server over RADIUS protocol. In this scenario user input
is supposed to consist of the two factors as prescribed by the vendor 
and will be handled by the external server. In case the OTP token is 
issued by FreeIPA itself the user can authenticate using two factors one
of which is his Kerberos password and another one is a token issued for
him. A token can be provisioned to his mobile device and used via Google
authenticator app.

This is an initial phase of the first ever integrated two factor
authentication solution leveraging Kerberos SSO. When complete, users
will be able to authenticate using different authentication methods and
acquire tickets that will allow them to access different services
within the enterprise depending on the strength of their authentication.

More detailed information about the feature can be found here:
https://fedoraproject.org/wiki/Feature/FreeIPA_Two_Factor_Authentication

To read more about the test day and suggested tests see the following
link
https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication

Thank you for your help and participation!

FreeIPA team

[1] http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS
[2] https://github.com/nkinder/otp_plugin


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to