On Fri, 17 Apr 2015, Andrew Holway wrote:
In an obviously blatant promotion exercise and attempt to build page
rank....

Please could I have some critique on this article?

http://otternetworks.de/tech/freeipa-technical-brief/

Your feedback would be really appreciated
Thanks for the nice article showing how to enable OpenVPN with
two-factor authentication.

My notes:
- Title is misleading as article is about setting up OpenVPN with
  two-factor auth, not really about FreeIPA itself

- You mention "Using a completely standard client OpenVPN configuration
  with only one addition “auth-user-pass” to prompt for a password we
  are able to use OpenVPN to log into a network using password+OTP."
  However, there is no config example that shows it. I would add that,
  along the lines of using PAM plugin.

- It would probably be good to mention that by using PAM authentication
  plugin you also get HBAC rules from FreeIPA to fine tune which users
  can actually use this VPN concentrator. As it is, any user from your
  system would be able to use VPN but most probably you'd want to limit
  them by group membership and it is better to achieve by using HBAC
  rules.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to