I've been doing a bit of reading on integrating securid w/ ipa and am
coming up a little short.  Up-stream MIT kerberos has some mention of
supporting it:

http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support

But I'm not sure if or how that translates to IPA support.  Some clever
pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth"
layer before getting into the krb5/sss bits, but that seems hackish at
best.  There was something on this mailing list talking about AuthHub
support, circa 2012, but neither the topic or the AuthHub git repository
seem to have been touched since.

So, long story short, is this on the roadmap, an existing feature, a
hidden feature, or has it been done before?  Any insight would be
greatly appreciated!  I dearly miss my IPA setup from my previous gig,
but a hard-n-fast securid requirement makes it difficult to offer up as
a solution here without more info on how they can cooperate.

Thanks,
-- 
Brian R. Lindblom
HPC Systems Administrator
National Center for Computational Sciences
Oak Ridge National Laboratory

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to