[Freeipa-users] FreeIPA4 OTP vs PAM
Michael Lasevich
mlasevich at lasevich.net
Sat Nov 22 21:14:52 UTC 2014
Reviving this as I am still stuck with CentOS 6.
CentOS 6.6 now has sssd 1.11 - yet I still cannot get the OTP to work under
PAM:
I created a test user and added an otp. User works fine without the OTP,
however I keep getting this when trying to test with OTP via pamtester:
pamtester: pam_sss(login:auth): authentication failure; logname= uid=0
euid=0 tty= ruser= rhost= user=michael
pamtester: pam_sss(login:auth): received for user michael: 17 (Failure
setting user credentials)
Is there a way to get more information as to what is going on?
Is my expectation that I would provide otp in a form of "password123456"
correct (assuming my password is "password" and otp token is "123456")?
On Fri, Aug 15, 2014 at 2:29 AM, Michael Lasevich <mlasevich at lasevich.net>
wrote:
> Thanks, glad I asked before wasting time.
>
>
> On Fri, Aug 15, 2014 at 1:07 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Thu, Aug 14, 2014 at 01:19:58PM -0700, Michael Lasevich wrote:
>> > I did not dive into this yet, but before I waste too much time I wanted
>> to
>> > ask if centos 6.5 default ipa client expected to work with 2FA or not.
>>
>> No it's not, sorry. The 6.5 client is SSSD 1.9.x and there's a couple of
>> fixes that landed during the 1.11 development such as:
>> https://fedorahosted.org/sssd/ticket/2186
>> or:
>> https://fedorahosted.org/sssd/ticket/2271
>> plus some other commits I see in git log which don't reference any ticket.
>>
>> I'd suggest to test using a centos 7.0 client.
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141122/fabc51d1/attachment.htm>
More information about the Freeipa-users
mailing list