Hello all on the list! Kind of an odd question, but management has asked me to try to find this out. We've been rolling out FreeIPA to replace OpenLDAP inside a higher-security (PCI Compliant) part of our overall network. One of the things we would like to possibly do is require 2FA (using Yubikeys) for certain machines within that network, without creating a second FreeIPA domain. For example, inside this domain we have jump hosts that will require Yubikey 2FA to log in to, and from that point forward, Kerberos would be used to move from one machine to another. However, for 2 specific machines, we'd like to require a second 2FA authentication to those to provide some additional security. Is this even possible?
Thanks, Jeremy Utley
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org