On 06/05/2014 02:42 PM, Lindblom, Brian R. wrote:
That's fantastic. Thanks for the link.
Here is a video:
If instead of using an IPA managed token you configure RADIUS proxy to
your RSA Authentication Manager you would be able to accomplish a
similar result as in the video.
Do not forget configure the IPA server client in RSA Authentication
Manager as a single transaction server to avoid new pin and next token
code mode hurdles.
We would appreciate a HowTo page if you make it work.
On Thu, 2014-06-05 at 14:30 -0400, Simo Sorce wrote:
On Thu, 2014-06-05 at 18:13 +0000, Lindblom, Brian R. wrote:
I've been doing a bit of reading on integrating securid w/ ipa and am
coming up a little short. Up-stream MIT kerberos has some mention of
But I'm not sure if or how that translates to IPA support. Some clever
pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth"
layer before getting into the krb5/sss bits, but that seems hackish at
best. There was something on this mailing list talking about AuthHub
support, circa 2012, but neither the topic or the AuthHub git repository
seem to have been touched since.
So, long story short, is this on the roadmap, an existing feature, a
hidden feature, or has it been done before? Any insight would be
greatly appreciated! I dearly miss my IPA setup from my previous gig,
but a hard-n-fast securid requirement makes it difficult to offer up as
a solution here without more info on how they can cooperate.
IPA 4.0 will come out with integrated OTP support. To use an external
provider you will need to configure a radius server to which PIN+Code
will be sent for verification.
This is the project page: http://www.freeipa.org/page/V3/OTP
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Freeipa-users mailing list