I am testing a simple setup with FreeIPA 4.0.1 server and a centos6.5 stock
"ipa-client" package and I can get the regular password to work, but not
otp login (otp login works in web ui).
As I understood this, kinit is not expected to work (requires FAST) but PAM
(which uses sssd, which supposed to supports/configure FAST by default)
Indeed the kinit fails with "Generic preauthentication failure while
getting initial credentials" but PAM/SSSD does not seem to work either.
This is a brand new test domain with allow-all HBAC intact, so I do not
think that is the issue
I did not dive into this yet, but before I waste too much time I wanted to
ask if centos 6.5 default ipa client expected to work with 2FA or not.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project