Reviving this as I am still stuck with CentOS 6. CentOS 6.6 now has sssd 1.11 - yet I still cannot get the OTP to work under PAM:
I created a test user and added an otp. User works fine without the OTP, however I keep getting this when trying to test with OTP via pamtester: pamtester: pam_sss(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=michael pamtester: pam_sss(login:auth): received for user michael: 17 (Failure setting user credentials) Is there a way to get more information as to what is going on? Is my expectation that I would provide otp in a form of "password123456" correct (assuming my password is "password" and otp token is "123456")? On Fri, Aug 15, 2014 at 2:29 AM, Michael Lasevich <[email protected]> wrote: > Thanks, glad I asked before wasting time. > > > On Fri, Aug 15, 2014 at 1:07 AM, Jakub Hrozek <[email protected]> wrote: > >> On Thu, Aug 14, 2014 at 01:19:58PM -0700, Michael Lasevich wrote: >> > I did not dive into this yet, but before I waste too much time I wanted >> to >> > ask if centos 6.5 default ipa client expected to work with 2FA or not. >> >> No it's not, sorry. The 6.5 client is SSSD 1.9.x and there's a couple of >> fixes that landed during the 1.11 development such as: >> https://fedorahosted.org/sssd/ticket/2186 >> or: >> https://fedorahosted.org/sssd/ticket/2271 >> plus some other commits I see in git log which don't reference any ticket. >> >> I'd suggest to test using a centos 7.0 client. >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go To http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
