I've been doing a bit of reading on integrating securid w/ ipa and am coming up a little short. Up-stream MIT kerberos has some mention of supporting it:
http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support But I'm not sure if or how that translates to IPA support. Some clever pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth" layer before getting into the krb5/sss bits, but that seems hackish at best. There was something on this mailing list talking about AuthHub support, circa 2012, but neither the topic or the AuthHub git repository seem to have been touched since. So, long story short, is this on the roadmap, an existing feature, a hidden feature, or has it been done before? Any insight would be greatly appreciated! I dearly miss my IPA setup from my previous gig, but a hard-n-fast securid requirement makes it difficult to offer up as a solution here without more info on how they can cooperate. Thanks, -- Brian R. Lindblom HPC Systems Administrator National Center for Computational Sciences Oak Ridge National Laboratory _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
