[Freeipa-users] FreeIPA and Application Specific Passwords
Martin Minkus
martin.minkus at sonic.com
Fri Feb 20 17:41:03 UTC 2015
On 19/02/15 02:06, Jan Pazdziora wrote:
> On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote:
>>
>> Except where we don't want single sign on, and separate passwords are
>> advantageous or even required:
>>
>> - Web logins
>
> Could you elaborate on the use cases when you'd want your users to log
> in using their passwords on a Web login, instead of using SSO, be it
> Kerberos or SAML? Is that purely the application not supporting it
> or are there some other reasons (you say "we don't want single sign
> on" which sounds like a political or compliance issue, not technical
> one).
Hi, thanks for your response.
It seems to be related to a compliance issue. We need to be pci
compliant as some of our systems handle credit card data. We already use
two factor auth for vpn's using Duo but it seems management would like
to store vpn passwords in our FreeIPA directory but have it be a
separate and different password to the usual login password.
Anyway, I guess we will figure out a technical solution that works for us.
Thanks,
Martin.
More information about the Freeipa-users
mailing list