Re: [Freeipa-users] Fedora 19 test day: OTP based 2FA using FreeIPA

[Petr Spacek]

On 28.5.2013 17:41, Dmitri Pal wrote:

To read more about the test day and suggested tests see the following
link
https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication


Links to LiveCD ISOs on Test Day Wiki page are broken. There is too many 0 
in links.


i686 image doesn't exist at all. Is it intentional?

--
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Fedora 19 test day: OTP based 2FA using FreeIPA

[Rob Crittenden]

Petr Spacek wrote:

On 28.5.2013 17:41, Dmitri Pal wrote:

To read more about the test day and suggested tests see the following
link
https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication



Links to LiveCD ISOs on Test Day Wiki page are broken. There is too
many 0 in links.

i686 image doesn't exist at all. Is it intentional?



The scripts/liveCD are still being worked on. Should be done soon.

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Fedora 19 test day: OTP based 2FA using FreeIPA

[Dmitri Pal]

The FreeIPA team is happy to welcome you to a Fedora Test Day that is
being held on Thursday, June 6th.

We invite you to take part in testing of the new OTP authentication
feature that will become available in upcoming FreeIPA 3.2 upstream
release and will be a part of Fedora 19. The feature is based on the new
extended capabilities of the MIT Kerberos [1] and 389 directory server [2].

The feature would allow users to authenticate against FreeIPA and
acquire Kerberos tickets using either OTP tokens issued by 3rd party
vendors or by FreeIPA server itself.

In the case the token is provided by a 3rd party vendor like RSA, VASCO,
Yubico, etc. the authentication data is forwarded to the external 
authentication server over RADIUS protocol. In this scenario user input
is supposed to consist of the two factors as prescribed by the vendor 
and will be handled by the external server. In case the OTP token is 
issued by FreeIPA itself the user can authenticate using two factors one
of which is his Kerberos password and another one is a token issued for
him. A token can be provisioned to his mobile device and used via Google
authenticator app.

This is an initial phase of the first ever integrated two factor
authentication solution leveraging Kerberos SSO. When complete, users
will be able to authenticate using different authentication methods and
acquire tickets that will allow them to access different services
within the enterprise depending on the strength of their authentication.

More detailed information about the feature can be found here:
https://fedoraproject.org/wiki/Feature/FreeIPA_Two_Factor_Authentication

To read more about the test day and suggested tests see the following
link
https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication

Thank you for your help and participation!

FreeIPA team

[1] http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS
[2] https://github.com/nkinder/otp_plugin


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users