[Freeipa-users] Re: OTP for specific services only

2018-02-26 Thread Alexander Bokovoy via FreeIPA-users
-Oorspronkelijke bericht- Datum: Fri, 23 Feb 2018 16:54:45 +0200 Onderwerp: Re: [Freeipa-users] OTP for specific services only Cc: Winfried de Heiden <w...@dds.nl> Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Van: Alexander Bokovoy <aboko...@redhat.com> On

[Freeipa-users] Re: OTP for specific services only

2018-02-26 Thread Winfried de Heiden via FreeIPA-users
Angry users, indeed...:) NOPASSWD seems like no option, I struggle some more... Winfried -Oorspronkelijke bericht- Datum: Fri, 23 Feb 2018 16:02:06 +0100 Onderwerp: Re: [Freeipa-users] OTP for specific services only Cc: Winfried de Heiden <w...@dds.nl> Aan: FreeIPA users list &l

[Freeipa-users] Re: OTP for specific services only

2018-02-26 Thread Winfried de Heiden via FreeIPA-users
Hi all, What about an RFE on this :) Winfried -Oorspronkelijke bericht- Datum: Fri, 23 Feb 2018 16:54:45 +0200 Onderwerp: Re: [Freeipa-users] OTP for specific services only Cc: Winfried de Heiden <w...@dds.nl> Aan: FreeIPA users list <freeipa-users@lists.fedorahosted

[Freeipa-users] Re: OTP for specific services only

2018-02-23 Thread Jochen Hein via FreeIPA-users
Winfried de Heiden via FreeIPA-users writes: > OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user > to use OTP and/or a host. Authentication indicators won't work that way... > Selecting a user, ALL authentication needs OTP.

[Freeipa-users] Re: OTP for specific services only

2018-02-23 Thread Alexander Bokovoy via FreeIPA-users
On pe, 23 helmi 2018, Maciej Drobniuch via FreeIPA-users wrote: Hey Winfired, I've been struggling with this too. Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround the otp at sudo. It's as always usability+angry users vs security. Well, consider that authentication

[Freeipa-users] Re: OTP for specific services only

2018-02-23 Thread Maciej Drobniuch via FreeIPA-users
Hey Winfired, I've been struggling with this too. Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround the otp at sudo. It's as always usability+angry users vs security. BR Maciej On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users <

[Freeipa-users] Re: OTP for specific services only

2018-02-23 Thread Alexander Bokovoy via FreeIPA-users
On pe, 23 helmi 2018, Winfried de Heiden via FreeIPA-users wrote: Hi al, OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user to use OTP and/or a host. Selecting a user, ALL authentication needs OTP. Since sudo in this case will ask for OTP also, this turn out