Hi all,
In my setup I have TOTP (software token) enabled, and it works as intended. My only concern is that I want only the "admin" to be able to generate software tokens that they can later assign to users. Essentially, I want to do away with user-managed tokens, and only have administrator-managed tokens. I was wondering if such a thing is possible?
Thank you.
Kevin Cassar via FreeIPA-users wrote:
> Hi all,
> In my setup I have TOTP (software token) enabled, and it works as intended. My only concern is that I want only the "admin" to be able to generate software tokens that they can later assign to users. Essentially, I want to do away with user-managed tokens, and only have administrator-managed tokens. I was wondering if such a thing is possible?

It would involve deleting the ACIs that grant the add/modify rights. This isn't something we've tested, so there could be dragons.
These are actual 389-ds ACIs and not represented as permissions, for reasons I don't know. You'd have to use ldapmodify or your favorite LDAP editor to remove the ACIs.
rob
freeipa-users@lists.fedorahosted.org
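
One way to turn the advice above into a reviewable ldapmodify change, as an added example that is not part of the thread or of FreeIPA: it reads the `aci` values dumped with ldapsearch, selects only those that let a user add or modify their own tokens, and emits the LDIF that deletes exactly those values. The DN, suffix and ACI names in the sample are constructed placeholders; which entry holds the real ACIs and the self-binding test (`#SELFDN` / `ldap:///self`) are assumptions to check against your own server.

```python
import base64
import re

# Constructed `ldapsearch -LLL -b <entry> -s base aci` output. The DN and the
# ACI names are placeholders, not the ACIs FreeIPA ships.
SAMPLE = (
    'dn: dc=example,dc=test\n'
    'aci: (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "EXAMPLE se\n'
    ' lf add"; allow (add) userattr = "ipatokenOwner#SELFDN";)\n'
    'aci: (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "EXAMPLE se\n'
    ' lf read"; allow (read, search) userattr = "ipatokenOwner#SELFDN";)\n'
    'aci: (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "EXAMPLE ad\n'
    ' min"; allow (all) groupdn = "ldap:///cn=admins,dc=example,dc=test";)\n'
)

def parse_acis(ldif):
    """Return (dn, [aci values]) for a single-entry LDIF dump."""
    dn, acis = None, []
    for line in re.sub(r"\n ", "", ldif).splitlines():  # undo LDIF line folding
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("aci:: "):  # base64-encoded value
            acis.append(base64.b64decode(line[6:]).decode("utf-8"))
        elif line.startswith("aci: "):
            acis.append(line[5:])
    return dn, acis

def is_self_service_token_write(aci):
    """True for ACIs that let the bound user add or modify token entries."""
    if "ipatoken" not in aci.lower():
        return False
    if not re.search(r"#SELFDN|ldap:///self", aci, re.I):
        return False  # group/admin-bound ACIs must stay or admins lose access
    m = re.search(r"allow\s*\(([^)]*)\)", aci, re.I)
    rights = {r.strip().lower() for r in m.group(1).split(",")} if m else set()
    return bool(rights & {"add", "write", "all"})

def delete_ldif(dn, acis):
    """Build ldapmodify input that deletes exactly the given ACI values."""
    if not acis:
        return ""
    out = [f"dn: {dn}", "changetype: modify", "delete: aci"]
    out += ["aci: " + a for a in acis]  # assumes ASCII-only ACI text
    return "\n".join(out + ["-", ""])

if __name__ == "__main__":
    dn, acis = parse_acis(SAMPLE)
    print(delete_ldif(dn, [a for a in acis if is_self_service_token_write(a)]))
```

Keep the original ldapsearch dump: it is the only record of the exact ACI values if the change has to be reverted.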