On Tue, Jun 30, 2015 at 11:34:55AM +0530, Prashant Bapat wrote:
> Hi,
> 
> I was able to set this up in a Fedora instance with SSSD and it works as
> expected. SSHD first uses the public key and then prompts for password
> which is ofcourse password+OTP.
> 
> However, having a user enter the password+OTP every time he logs in during
> the day is kind of inconvenient. Is it possible to make sure the user has
> to login once and the credentials are cached for say 12/24 hours. I know
> this is possible just using the password. Question is, is this possible
> using password+OTP?

We have an SSSD feature under review now that would help you:
    https://fedorahosted.org/sssd/ticket/1807

But to be honest, I'm not sure if we tested the patches with 2FA yet. We
should!

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to