For which sssd release is this feature targetted ?

Rob Verduijn

2015-03-12 23:26 GMT+01:00 Dmitri Pal <d...@redhat.com>:

> On 03/12/2015 04:59 PM, Jakub Hrozek wrote:
>
>> On 12 Mar 2015, at 21:32, Rob Verduijn <rob.verdu...@gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> I was looking into otp authentication and found some articles on how to
>>> enable this in freeipa.
>>>
>>> I can't seem to figure out how this is going to deal with cashed
>>> credentials on a laptop that is not able to connect the ipa server.
>>>
>>> How is this going to work out when 'native OTP' is being used ?
>>>
>> I'm sorry, but currently it doesn't as with the current (sssd-1.12.x)
>> version we treat the long and one-time part as a single blob, so we can't
>> cache it.
>>
>> In the next version, we'll work on prompting for and handling the short
>> and long term parts of the authtok separately, so we'll be able to cache
>> credentials.
>>
>>  Yes. Please do not use current version for laptops.
> See the warning: https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.
> html#otp
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to