On Sun, Jan 18, 2015 at 05:26:25PM -0800, Janelle wrote: > Hi all, > > I was playing around with the OTP app in 4.x and it is really nice. I wonder > if there is a way to force some hosts require to use it, but not all the > hosts from a server? I want some of the servers to be locked down more > securely, but others can just require a password. > > thanks > ~J > Hi Janelle,
Right now it is all or nothing. The CAMMAC / Authentication Indicator feature[1] that is being implemented in MIT Kerberos will eventually allow FreeIPA to manage "two factor required / not required" policy on a per-service basis. [1] http://k5wiki.kerberos.org/wiki/Projects/Authentication_indicator Regards, Fraser > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project