Reviving this as I am still stuck with CentOS 6.

CentOS 6.6 now has sssd 1.11 - yet I still cannot get the OTP to work under
PAM:

I created a test user and added an otp. User works fine without the OTP,
however I keep getting this when trying to test  with OTP via pamtester:

pamtester: pam_sss(login:auth): authentication failure; logname= uid=0
euid=0 tty= ruser= rhost= user=michael
pamtester: pam_sss(login:auth): received for user michael: 17 (Failure
setting user credentials)

Is there a way to get more information as to what is going on?

Is my expectation that I would provide otp in a form of "password123456"
correct (assuming my password is "password" and otp token is "123456")?



On Fri, Aug 15, 2014 at 2:29 AM, Michael Lasevich <mlasev...@lasevich.net>
wrote:

> Thanks, glad I asked before wasting time.
>
>
> On Fri, Aug 15, 2014 at 1:07 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
>> On Thu, Aug 14, 2014 at 01:19:58PM -0700, Michael Lasevich wrote:
>> > I did not dive into this yet, but before I waste too much time I wanted
>> to
>> > ask if centos 6.5 default ipa client expected to work with 2FA or not.
>>
>> No it's not, sorry. The 6.5 client is SSSD 1.9.x and there's a couple of
>> fixes that landed during the 1.11 development such as:
>>     https://fedorahosted.org/sssd/ticket/2186
>> or:
>>     https://fedorahosted.org/sssd/ticket/2271
>> plus some other commits I see in git log which don't reference any ticket.
>>
>> I'd suggest to test using a centos 7.0 client.
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
>>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to