On Thu, Mar 22, 2018 at 10:28:17AM -0700, Sean Hogan via FreeIPA-users wrote:
> Hello,
>
> We are implementing OTP for a new deployment and we can log in with the
> OTP codes; however, when trying to sudo it fails. We would like to use the
> 2FA to log in but single factor is ok for sudo escalation. Is OTP supposed
> to be getting involved when issuing sudo commands?

You have to allow on the server that the user can use both 1FA
(password) or 2FA, see --user-auth-type option of 'ipa user-add'.

To force 2FA at login you have to define on the server that the
host requires the 'OTP' authentication indicator, see --auth-ind option
of 'ipa host-mod'.

HTH

bye,
Sumit

> bob@ipa-client1$ sudo cat /etc/resolv.conf
> First Factor:
> Second Factor:
> Sorry, try again.
> First Factor:
> sudo: 1 incorrect password attempt
>
> ipa-server-dns-4.5.0-21.el7_4.2.2.noarch
> python-libipa_hbac-1.15.2-50.el7_4.6.x86_64
> python-ipaddress-1.0.16-2.el7.noarch
> ipa-common-4.5.0-21.el7_4.2.2.noarch
> ipa-client-common-4.5.0-21.el7_4.2.2.noarch
> python2-ipalib-4.5.0-21.el7_4.2.2.noarch
> ipa-server-common-4.5.0-21.el7_4.2.2.noarch
> ipa-client-4.5.0-21.el7_4.2.2.x86_64
> libipa_hbac-1.15.2-50.el7_4.6.x86_64
> python2-ipaclient-4.5.0-21.el7_4.2.2.noarch
> python2-ipaserver-4.5.0-21.el7_4.2.2.noarch
> sssd-ipa-1.15.2-50.el7_4.6.x86_64
> python-iniparse-0.4-9.el7.noarch
> ipa-server-4.5.0-21.el7_4.2.2.x86_64
>
> Sean Hogan