<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/14/2015 05:50 AM, Rob Verduijn
wrote:<br>
</div>
<blockquote
cite="mid:CAMkGkc4WMSFnD=5jcVPSXtigASOUfGrpro=vUz-B9oNbb4gWRw@mail.gmail.com"
type="cite">
<div dir="ltr">For which sssd release is this feature targetted ?</div>
</blockquote>
<br>
The ability to use OTP with laptops is targeted to the 1.13 release.<br>
<br>
<blockquote
cite="mid:CAMkGkc4WMSFnD=5jcVPSXtigASOUfGrpro=vUz-B9oNbb4gWRw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Rob Verduijn</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-03-12 23:26 GMT+01:00 Dmitri Pal <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb">
<div class="h5">On 03/12/2015 04:59 PM, Jakub Hrozek
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
On 12 Mar 2015, at 21:32, Rob Verduijn <<a
moz-do-not-send="true"
href="mailto:rob.verduijn@gmail.com"
target="_blank">rob.verduijn@gmail.com</a>>
wrote:<br>
<br>
Hello,<br>
<br>
I was looking into otp authentication and found some
articles on how to enable this in freeipa.<br>
<br>
I can't seem to figure out how this is going to deal
with cashed credentials on a laptop that is not able
to connect the ipa server.<br>
<br>
How is this going to work out when 'native OTP' is
being used ?<br>
</blockquote>
I'm sorry, but currently it doesn't as with the
current (sssd-1.12.x) version we treat the long and
one-time part as a single blob, so we can't cache it.<br>
<br>
In the next version, we'll work on prompting for and
handling the short and long term parts of the authtok
separately, so we'll be able to cache credentials.<br>
<br>
</blockquote>
</div>
</div>
Yes. Please do not use current version for laptops.<br>
See the warning: <a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.html#otp"
target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.html#otp</a><span
class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager IdM portfolio<br>
Red Hat, Inc.<br>
<br>
-- <br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>