Hi, I would like to reduce the vector of brute force attacks in my web application written in php. Users can login via passord and otp which are hosted on freeipa.
To achieve this I would like to check the otp first, so no password auth is done on the freeipa server and no user can be locked out. If the otp is correct, the user is now allowed to to login via password+otp. unfortunately, there is no api method that can check only the otp for a user with an identity. Would it be possible to expose such a new method? kind regards -- Thomas -- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project