[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

Many thanks! ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List

[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

... turns out I was 99% close to a solution. The only thing left do do was calling /usr/bin/pam-auth-update and -deselecting "Unix authentication" -deselecting "SSS authentication" -selecting "Unix for local and sss for remote/OTP authentication" the selected setting was added via the script

[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

Hello list! Sorry for hijacking an old thread -- but this seems to be already 95% solution to my problem. I have FreeIPA 4.8.0 installed and I'm trying to get OTP working. And it does work with CentOS8 - just not with Debian 10. Searching the list I found this post describing exactly my

[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

On 2/6/2018 12:34 AM, Jochen Hein via FreeIPA-users wrote: John Ratliff via FreeIPA-users writes: Okay, so the problem wasn't that it wasn't working; it's that I didn't understand the prompts. Debian only prompts for password, but wants password + OTP on

[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

John Ratliff via FreeIPA-users writes: > Okay, so the problem wasn't that it wasn't working; it's that I didn't > understand the prompts. Debian only prompts for password, but wants > password + OTP on the same field. CentOS prompts for First Factor / >

[Freeipa-users] Re: freeipa with sudo and 2FA (OTP)

On 2/3/2018 3:10 PM, John Ratliff via FreeIPA-users wrote: I'm trying to setup freeipa with OTP. I created a TOTP under my user in freeipa and updated my user to use 2FA (password + OTP). When I try to do sudo, it only asks for my password and it fails every time (presumably because it isn't