Re: [Freeipa-users] 2-Factor and services
Had an error on my options for the list and the replies failed to get to me. We'll see if this reply works. :) @Dmitri - Anyone coming through this service/host (OpenVPN with pam) will be required to use 2-Factor. Their normal logins at their desk are not required for 2-factor, it's ok if they use it but it's not required at all. This VPN service is as assumed, exposed to the internet. We're wanting to protect ourselves as best we can with AAA. --- I've got many of users setup with 2-Factor and I'd like to enforce it with some services. For example. Server vpn.example.com is an openvpn servers setup to use PAM. Since he's tied to my 4.X IDM servers I can use 2-Factor with him. However I want to enforce that users from this system/service require 2-Factor. Can anyone point me in the right direction? My Google Foo is showing to be poor on this one and any guidance would be appreciated. As always thanks for taking the time to read over this. So do you want to use 2FA for some users and 1FA for others or do you want to have flexibility to use 2FA for the same user on one system and not another? Do you plan to use external tokens like RSA or you plan to use native OTP support in IPA? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 2-Factor and services
Hi, So pass authentication to a RSA radius server and key fobs? Looks like RHEL7.1 can do this, I am waiting for its release to do just this. regards Steven Jones B.Eng (Hons) Technical Specialist - Linux RHCE Victoria University ITS, Level 8 Rankin Brown Building, Wellington, NZ 6012 0064 4 463 6272 From: freeipa-users-boun...@redhat.com freeipa-users-boun...@redhat.com on behalf of Matt Wells matt.we...@mosaic451.com Sent: Thursday, 26 February 2015 10:54 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] 2-Factor and services I've got many of users setup with 2-Factor and I'd like to enforce it with some services. For example. Server vpn.example.comhttp://vpn.example.com is an openvpn servers setup to use PAM. Since he's tied to my 4.X IDM servers I can use 2-Factor with him. However I want to enforce that users from this system/service require 2-Factor. Can anyone point me in the right direction? My Google Foo is showing to be poor on this one and any guidance would be appreciated. As always thanks for taking the time to read over this. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 2-Factor and services
On 02/25/2015 04:54 PM, Matt Wells wrote: I've got many of users setup with 2-Factor and I'd like to enforce it with some services. For example. Server vpn.example.com http://vpn.example.com is an openvpn servers setup to use PAM. Since he's tied to my 4.X IDM servers I can use 2-Factor with him. However I want to enforce that users from this system/service require 2-Factor. Can anyone point me in the right direction? My Google Foo is showing to be poor on this one and any guidance would be appreciated. As always thanks for taking the time to read over this. So do you want to use 2FA for some users and 1FA for others or do you want to have flexibility to use 2FA for the same user on one system and not another? Do you plan to use external tokens like RSA or you plan to use native OTP support in IPA? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project