Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-25 Thread Jan Pazdziora
On Tue, Sep 22, 2015 at 08:55:53AM -0400, Nathaniel McCallum wrote: > On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote: > > Dear freeipa-users, > > > > I'm having an issue with otp in freeipa. I can set up the service as > > described in the blog post for TOTP or HOTP, and sync the token

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-25 Thread Alexander Bokovoy
On Fri, 25 Sep 2015, Jan Pazdziora wrote: On Tue, Sep 22, 2015 at 08:55:53AM -0400, Nathaniel McCallum wrote: On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote: > Dear freeipa-users, > > I'm having an issue with otp in freeipa. I can set up the service as > described in the blog post for

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-25 Thread Jan Pazdziora
On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote: > > > >Well, we have separate daemon listening on the > >/var/run/krb5kdc/DEFAULT.socket in the container which should start > >the ipa-otpd@.service when there's a connection made to it. But > >somehow it does not seem to be

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-25 Thread Alexander Bokovoy
On Fri, 25 Sep 2015, Jan Pazdziora wrote: On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote: > >Well, we have separate daemon listening on the >/var/run/krb5kdc/DEFAULT.socket in the container which should start >the ipa-otpd@.service when there's a connection made to it. But

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-25 Thread Nathaniel McCallum
On Fri, 2015-09-25 at 09:22 +0200, Jan Pazdziora wrote: > On Fri, Sep 25, 2015 at 10:09:55AM +0300, Alexander Bokovoy wrote: > > > > > > Well, we have separate daemon listening on the > > > /var/run/krb5kdc/DEFAULT.socket in the container which should > > > start > > > the ipa-otpd@.service when

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-23 Thread Martin Kosek
On a related point to this note - Duncan, did you try to run your setup with RPM version of FreeIPA? FreeIPA 4.2 is included both in RHEL-7.2 Beta or in Fedora 23 Beta updates-testing repo, so you can try the latest and greatest version there and thus find out if the problems you are seeing are

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-22 Thread Alexander Bokovoy
On Tue, 22 Sep 2015, Duncan McNaught wrote: I realize that, thanks. That's currently the only problem for us - getting 2FA to work. Given that we rely on socket activation for ipa-otpd, you would need to make a wrapper that would listen on a unix domain socket and forward the data between ipa-otpd

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-22 Thread Duncan McNaught
I realize that, thanks. That's currently the only problem for us - getting 2FA to work. Thanks --Duncan Duncan McNaught Infrastructure Engineer Technologies | www.bitnet.io +1 720 240 6575 On Tue, Sep 22, 2015 at 12:12 PM, Nathaniel McCallum

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-22 Thread Nathaniel McCallum
Running IPA in a container is very bleeding edge. I would not be surprised at all if you run into lots of problems. On Tue, 2015-09-22 at 12:10 -0600, Duncan McNaught wrote: > Thanks Nathaniel, > I am running with Jan's Centos-7 container and I'd like to have > Multi-factor Authentication/2FA

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-22 Thread Duncan McNaught
Thanks Nathaniel, I am running with Jan's Centos-7 container and I'd like to have Multi-factor Authentication/2FA enabled. He mentioned that systemd is not running in the container, so I guess that explains why 2FA is failing. I wonder if I can get systemd running there. --Duncan Thanks

Re: [Freeipa-users] otp issue: can't log in with password+otp

2015-09-22 Thread Nathaniel McCallum
On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote: > Dear freeipa-users, > > I'm having an issue with otp in freeipa. I can set up the service as > described in the blog post for TOTP or HOTP, and sync the token fine. > When I try to login to the admin tools or an ipa-managed client >