<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/25/2015 04:54 PM, Matt Wells
wrote:<br>
</div>
<blockquote
cite="mid:CAJ9FbdKd-DK-2182pKBAmHJHqknwpG94f0CHOyhimDSzha9Eag@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>I've got many of users setup with 2-Factor and I'd
like to enforce it with some services.</div>
<div>For example.</div>
<div>Server <a moz-do-not-send="true"
href="http://vpn.example.com">vpn.example.com</a> is
an openvpn servers setup to use PAM. </div>
<div>Since he's tied to my 4.X IDM servers I can use
2-Factor with him. However I want to enforce that
users from this system/service require 2-Factor. </div>
<div>Can anyone point me in the right direction? My
Google Foo is showing to be poor on this one and any
guidance would be appreciated.</div>
<div><br>
</div>
<div>As always thanks for taking the time to read over
this.</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
So do you want to use 2FA for some users and 1FA for others or do
you want to have flexibility to use 2FA for the same user on one
system and not another?<br>
Do you plan to use external tokens like RSA or you plan to use
native OTP support in IPA?<br>
<br>
<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>