Aah ok!
Unfortunately I'm using Amazon Linux and it does not support SSSD. I ended
up using nss-pam-ldap, nscd and nslcd.
However this looks promising. Only for the servers exposed to the Internet I
could use CentOS/Fedora and this method of authentication. Let me try this
and come back to you.

On 27 June 2015 at 10:17, Alexander Bokovoy <aboko...@redhat.com> wrote:
> ----- Original Message -----
> > Hi,
> > I'm exploring implementing a 2FA solution to my servers exposed to
> > Mainly to secure SSH with 2FA. The SSH keys and users are already in
> > FreeIPA.
> > Is there a way to utilize the OTP inside FreeIPA during a user login to
> > servers? A user will have to enter the TOTP code based on what's
> > in FreeIPA. Something along the lines of
> > https://github.com/google/google-authenticator/tree/master/libpam
> If you are using SSSD (pam_sss), it will automatically accept 2FA.
> You need to force OpenSSH to combine authentication methods, something
> AuthenticationMethods publickey,password:pam
> Look into the sshd_config manual page for details. This is a feature of OpenSSH
> 6.2 or later.
> / Alexander Bokovoy
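
An added example, not part of the thread and not FreeIPA or OpenSSH code: a small Python check that reads sshd_config text and confirms that every AuthenticationMethods list requires publickey together with a password or keyboard-interactive step. sshd_config(5) treats several space-separated lists as alternatives, so one shorter list is enough to skip the second step; the function names and sample configs are constructed for illustration, and Match blocks are not evaluated.

```python
# Added example: check AuthenticationMethods lines in sshd_config text.
# Function names and sample configs are constructed for illustration.

SECOND_STEP = {"password", "keyboard-interactive"}  # assumed PAM-backed steps


def parse_authentication_methods(config_text):
    """Return one entry per AuthenticationMethods line: a list of method lists."""
    entries = []
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "authenticationmethods":
            entries.append([alt.split(",") for alt in parts[1:]])
    return entries


def requires_key_and_second_step(alternatives):
    """True only if every alternative list has publickey plus a second step."""
    if not alternatives:
        return False
    for methods in alternatives:
        # Drop any submethod suffix, e.g. "keyboard-interactive:pam".
        names = {m.split(":", 1)[0] for m in methods}
        if "publickey" not in names or not names & SECOND_STEP:
            return False
    return True


def audit(config_text):
    """Return (setting, ok) for each AuthenticationMethods line found."""
    return [(" ".join(",".join(alt) for alt in entry),
             requires_key_and_second_step(entry))
            for entry in parse_authentication_methods(config_text)]


# Constructed sample configs, not taken from a real host.
COMBINED = "# sshd_config\nAuthenticationMethods publickey,password:pam\n"
BYPASSABLE = "AuthenticationMethods publickey,password publickey\n"

if __name__ == "__main__":
    for name, text in (("combined", COMBINED), ("bypassable", BYPASSABLE)):
        for setting, ok in audit(text):
            print(f"{name}: {setting!r} -> {'ok' if ok else 'single factor possible'}")
```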