[Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Michael Lasevich
Ok, I am trying to figure out how to use native OTP capabilities in FreeIPA4 to authenticate users but I am not finding enough docs on how to USE OTP. Specifically I would like to force OTP authentication on specific servers while allowing password auth in other cases. As I understand

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Alexander Bokovoy
On Mon, 11 Aug 2014, Michael Lasevich wrote: Ok, I am trying to figure out how to use native OTP capabilities in FreeIPA4 to authenticate users but I am not finding enough docs on how to USE OTP. Specifically I would like to force OTP authentication on specific servers while allowing password

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Michael Lasevich
Thanks for the quick response, further questions inline. On Mon, Aug 11, 2014 at 11:49 AM, Alexander Bokovoy aboko...@redhat.com wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: Ok, I am trying to figure out how to use native OTP capabilities in FreeIPA4 to authenticate users but I am not

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Alexander Bokovoy
On Mon, 11 Aug 2014, Michael Lasevich wrote: So, it is NOT intended to use for border-style 2FA authentication (i.e. VPN) - which seems may be a common use case for 2FA? You can always supplement authentication check with some host-specific information at the VPN concentrator. We don't have

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Michael Lasevich
On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: So, it is NOT intended to use for border-style 2FA authentication (i.e. VPN) - which seems may be a common use case for 2FA? You can always supplement authentication

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Alexander Bokovoy
On Mon, 11 Aug 2014, Michael Lasevich wrote: On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: So, it is NOT intended to use for border-style 2FA authentication (i.e. VPN) - which seems may be a common use case for

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Dmitri Pal
On 08/11/2014 08:49 PM, Alexander Bokovoy wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: Ok, I am trying to figure out how to use native OTP capabilities in FreeIPA4 to authenticate users but I am not finding enough docs on how to USE OTP. Specifically I would like to force OTP

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Dmitri Pal
On 08/11/2014 10:04 PM, Alexander Bokovoy wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: On Mon, Aug 11, 2014 at 12:30 PM, Alexander Bokovoy aboko...@redhat.com wrote: On Mon, 11 Aug 2014, Michael Lasevich wrote: So, it is NOT intended to use for border-style 2FA authentication (i.e.

Re: [Freeipa-users] Using Native OTP for auth from specific hosts

2014-08-11 Thread Michael Lasevich
My thought is that while 2 and 3 are the same from IPA point of view, since I am guaranteed to be sending different credentials in those cases I am guaranteed to be checking both password and OTP. Prevents a case where user's password ends in a string of digits similar to OTP. I will look into