[Freeipa-users] One time passwords - 2 factor
Rob Crittenden
rcritten at redhat.com
Fri Nov 30 01:43:45 UTC 2012
Steven Jones wrote:
> Hi,
>
> Is it possible to use the freeipa API and and external program to do one time passwords? (password is sent by the external app, sms to smartphone).
Not yet. The problem is lack of support in the KDC and this is being
actively worked on.
We did a proof-of-concept at the Red Hat Summit a couple of years ago
using a Yubikey as the OTP source. It was, as they say in New England,
wicked cool.
It was very much hardcoded though. AFAIK they are working on a plugin
interface to make this much easier to do. A lot of the work is being
done here: https://fedorahosted.org/AuthHub/
rob
More information about the Freeipa-users
mailing list