[Freeipa-users] Using Native OTP for auth from specific hosts

[Michael Lasevich]

Ok, I am trying to figure out how to use native OTP capabilities in
FreeIPA4 to authenticate users but I am not finding enough docs on how to
USE OTP.

Specifically I would like to force OTP authentication on specific servers
while allowing password auth in other cases. As I understand
authentication, you can either select OTP or password or both
authentications, but if you select both, the user can use password instead
of otp from ANY server.

Is there any way to block password auth based on source (HBAC rules?) So
far the only way I can figure out is to create a second account, which is
less than optimal.

Thanks,

-M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140811/c6a066f9/attachment.htm>