On ma, 26 helmi 2018, Winfried de Heiden wrote:
Hi all,
What about an RFE on this :)
See my other response. It isn't done just for fun,
there is a
fundamental issue of authorization made at authentication time
when there is not enough information about a target to authorize.
Winfried
-----Oorspronkelijke bericht-----
Datum: Fri, 23 Feb 2018 16:54:45 +0200
Onderwerp: Re: [Freeipa-users] OTP for specific services only
Cc: Winfried de Heiden <wdh(a)dds.nl>
Aan: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Van: Alexander Bokovoy <abokovoy(a)redhat.com>
On pe, 23 helmi 2018, Winfried de Heiden via FreeIPA-users wrote:
> Hi al,
>
> OTP using IPA 4.5 on CentOS seems to work well. However: I can force
> a user to
> use OTP and/or a host.
>
> Selecting a user, ALL authentication needs OTP. Since sudo in this
> case will
> ask for OTP also, this turn out quite inconvenient. Is is possible to
> select
> only certain services for OTP. for example:
>
> login using SSH --> OTP
> login ftp --> OTP
> console --> password only
> sudo --> password only
Not possible right now, sorry.
--
/ Alexander Bokovoy