That's fantastic. Thanks for the link. Thanks, -Brian
On Thu, 2014-06-05 at 14:30 -0400, Simo Sorce wrote: > On Thu, 2014-06-05 at 18:13 +0000, Lindblom, Brian R. wrote: > > I've been doing a bit of reading on integrating securid w/ ipa and am > > coming up a little short. Up-stream MIT kerberos has some mention of > > supporting it: > > > > http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support > > > > But I'm not sure if or how that translates to IPA support. Some clever > > pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth" > > layer before getting into the krb5/sss bits, but that seems hackish at > > best. There was something on this mailing list talking about AuthHub > > support, circa 2012, but neither the topic or the AuthHub git repository > > seem to have been touched since. > > > > So, long story short, is this on the roadmap, an existing feature, a > > hidden feature, or has it been done before? Any insight would be > > greatly appreciated! I dearly miss my IPA setup from my previous gig, > > but a hard-n-fast securid requirement makes it difficult to offer up as > > a solution here without more info on how they can cooperate. > > IPA 4.0 will come out with integrated OTP support. To use an external > provider you will need to configure a radius server to which PIN+Code > will be sent for verification. > > This is the project page: http://www.freeipa.org/page/V3/OTP > > Simo. > -- Brian R. Lindblom HPC Systems Administrator National Center for Computational Sciences Oak Ridge National Laboratory _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
