Hello,

Is it possible to authenticate a user with only OTP and ssh-pubkeys?

So far I have successfully configured FreeIPA to use Two factor
authentication (password + OTP).  I had to change the sshd_config to
achieve this by modifying the AuthenticationMethods to be:

AuthenticationMethods publickey,password:pam
publickey,keyboard-interactive-pam

In this way the user's ssh-pubkey, password, and OTP are required to
login.  I would like to remove the password requirement but retain the OTP
auth.

>From the FreeIPA web UI there is no setting to only enable OTP without a
password.  Is there a way to change the sshd_config AuthenticationMethods
to only allow OTP + ssh-pubkey.  Does this instead require a change to one
of the pam files?

Thanks,

Alex
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to