On ma, 26 helmi 2018, Winfried de Heiden wrote:
Hi all,
What about an RFE on this :)
See my other response. It isn't done just for fun, there is a
fundamental issue of authorization made at authentication time
when there is not enough information about a target to authorize.
Winfried
-O
Angry users, indeed...:)
NOPASSWD seems like no option, I struggle some more...
Winfried
-Oorspronkelijke bericht-
Datum: Fri, 23 Feb 2018 16:02:06 +0100
Onderwerp: Re: [Freeipa-users] OTP for specific services only
Cc: Winfried de Heiden
Aan: FreeIPA users list
Van: Maciej Drobniuch
Hi all,
What about an RFE on this :)
Winfried
-Oorspronkelijke bericht-
Datum: Fri, 23 Feb 2018 16:54:45 +0200
Onderwerp: Re: [Freeipa-users] OTP for specific services only
Cc: Winfried de Heiden
Aan: FreeIPA users list
Van: Alexander Bokovoy
On pe, 23 helmi 2018, Winfried de Heiden
Winfried de Heiden via FreeIPA-users
writes:
> OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user
> to use OTP and/or a host.
Authentication indicators won't work that way...
> Selecting a user, ALL authentication needs OTP. Since sudo in this case will
> ask for OTP
On pe, 23 helmi 2018, Maciej Drobniuch via FreeIPA-users wrote:
Hey Winfired,
I've been struggling with this too.
Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround
the otp at sudo.
It's as always usability+angry users vs security.
Well, consider that authentication is
Hey Winfired,
I've been struggling with this too.
Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround
the otp at sudo.
It's as always usability+angry users vs security.
BR
Maciej
On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users <
freeipa-users@lists.
On pe, 23 helmi 2018, Winfried de Heiden via FreeIPA-users wrote:
Hi al,
OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user to
use OTP and/or a host.
Selecting a user, ALL authentication needs OTP. Since sudo in this case will
ask for OTP also, this turn out quite