[Freeipa-devel] [PATCH 0080] Expose the disabled User Auth Type
Petr Vobornik
pvoborni at redhat.com
Thu Dec 4 18:56:13 UTC 2014
On 12/04/2014 07:25 PM, Nathaniel McCallum wrote:
> On Wed, 2014-12-03 at 17:18 +0100, Petr Vobornik wrote:
>> On 13.11.2014 18:04, Nathaniel McCallum wrote:
>>> Additionally, fix a small bug in ipa-kdb so that the disabled User
>>> Auth Type is properly handled.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4720
>>>
>>
>> The patch itself looks good to me, VERSION needs to be updated though.
>>
>> But I don't think it works. Don't know why. In my setup, user's config
>> was not ignored.
>>
>> When I tested login in Web UI with:
>>
>> - global config: disabled, otp
>> - user fbar's config: password
>> - fbar had an hotp token assigned
>>
>> I could still login with password and not with otp. If I added 'otp' to
>> fbar's config, I could also login with otp.
>
> How are you logging in? krb5 or LDAP bind?
>
Forms-based in Web UI. It uses kinit internally.
--
Petr Vobornik
More information about the Freeipa-devel
mailing list