[Freeipa-users] FreeIPA4 OTP vs PAM

Michael Lasevich mlasevich at lasevich.net
Thu Aug 14 20:19:58 UTC 2014


I am testing a simple setup with a FreeIPA 4.0.1 server and a CentOS 6.5 stock
"ipa-client" package and I can get the regular password to work, but not
OTP login (OTP login works in the web UI).

As I understood this, kinit is not expected to work (requires FAST) but PAM
(which uses sssd, which is supposed to support/configure FAST by default)
Indeed the kinit fails with "Generic preauthentication failure while
getting initial credentials" but PAM/SSSD does not seem to work either.

This is a brand new test domain with allow-all HBAC intact, so I do not
think that is the issue.

I did not dive into this yet, but before I waste too much time I wanted to
ask if the CentOS 6.5 default ipa client is expected to work with 2FA or not.

Thanks

-M