On 19/02/15 02:06, Jan Pazdziora wrote: > On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote: >> >> Except where we don't want single sign on, and separate passwords are >> advantageous or even required: >> >> - Web logins > > Could you elaborate on the use cases when you'd want your users to log > in using their passwords on a Web login, instead of using SSO, be it > Kerberos or SAML? Is that purely the application not supporting it > or are there some other reasons (you say "we don't want single sign > on" which sounds like a political or compliance issue, not technical > one).
Hi, thanks for your response. It seems to be related to a compliance issue. We need to be pci compliant as some of our systems handle credit card data. We already use two factor auth for vpn's using Duo but it seems management would like to store vpn passwords in our FreeIPA directory but have it be a separate and different password to the usual login password. Anyway, I guess we will figure out a technical solution that works for us. Thanks, Martin. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project