For which sssd release is this feature targetted ? Rob Verduijn
2015-03-12 23:26 GMT+01:00 Dmitri Pal <[email protected]>: > On 03/12/2015 04:59 PM, Jakub Hrozek wrote: > >> On 12 Mar 2015, at 21:32, Rob Verduijn <[email protected]> wrote: >>> >>> Hello, >>> >>> I was looking into otp authentication and found some articles on how to >>> enable this in freeipa. >>> >>> I can't seem to figure out how this is going to deal with cashed >>> credentials on a laptop that is not able to connect the ipa server. >>> >>> How is this going to work out when 'native OTP' is being used ? >>> >> I'm sorry, but currently it doesn't as with the current (sssd-1.12.x) >> version we treat the long and one-time part as a single blob, so we can't >> cache it. >> >> In the next version, we'll work on prompting for and handling the short >> and long term parts of the authtok separately, so we'll be able to cache >> credentials. >> >> Yes. Please do not use current version for laptops. > See the warning: https://access.redhat.com/documentation/en-US/Red_Hat_ > Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index. > html#otp > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
