[Freeipa-users] Fwd: 2-Factor and services

Matt Wells matt.wells at mosaic451.com
Thu Feb 26 17:40:18 UTC 2015


Had an error on my options for the list and the replies failed to get
to me. We'll see if this reply works.  :)

@Dmitri - Anyone coming through this service/host (OpenVPN with PAM)
will be required to use 2-Factor.  Their normal logins at their desk
are not required for 2-factor; it's ok if they use it but it's not
required at all.
This VPN service is, as assumed, exposed to the internet.  We're
wanting to protect ourselves as best we can with AAA.



-------------------------------
I've got many users set up with 2-Factor and I'd like to enforce it
with some services.
For example:
Server vpn.example.com is an OpenVPN server set up to use PAM.
Since he's tied to my 4.X IDM servers I can use 2-Factor with him.
However I want to enforce that users from this system/service require
2-Factor.
Can anyone point me in the right direction?  My Google-fu is showing
to be poor on this one and any guidance would be appreciated.

As always thanks for taking the time to read over this.


So do you want to use 2FA for some users and 1FA for others or do you
want to have flexibility to use 2FA for the same user on one system
and not another?
Do you plan to use external tokens like RSA or do you plan to use native
OTP support in IPA?




--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 


Matt Wells
Chief Systems Architect
RHCVA, RHCA #110-000-353
(702) 808-0424
matt.wells at mosaic451.com
 Las Vegas | Phoenix | Portland Mosaic451.com