That's fantastic.  Thanks for the link.  

Thanks,
-Brian

On Thu, 2014-06-05 at 14:30 -0400, Simo Sorce wrote:
> On Thu, 2014-06-05 at 18:13 +0000, Lindblom, Brian R. wrote:
> > I've been doing a bit of reading on integrating securid w/ ipa and am
> > coming up a little short.  Up-stream MIT kerberos has some mention of
> > supporting it:
> > 
> > http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support
> > 
> > But I'm not sure if or how that translates to IPA support.  Some clever
> > pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth"
> > layer before getting into the krb5/sss bits, but that seems hackish at
> > best.  There was something on this mailing list talking about AuthHub
> > support, circa 2012, but neither the topic or the AuthHub git repository
> > seem to have been touched since.
> > 
> > So, long story short, is this on the roadmap, an existing feature, a
> > hidden feature, or has it been done before?  Any insight would be
> > greatly appreciated!  I dearly miss my IPA setup from my previous gig,
> > but a hard-n-fast securid requirement makes it difficult to offer up as
> > a solution here without more info on how they can cooperate.
> 
> IPA 4.0 will come out with integrated OTP support. To use an external
> provider you will need to configure a radius server to which PIN+Code
> will be sent for verification.
> 
> This is the project page: http://www.freeipa.org/page/V3/OTP
> 
> Simo.
> 

-- 
Brian R. Lindblom
HPC Systems Administrator
National Center for Computational Sciences
Oak Ridge National Laboratory

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to