[Freeipa-users] Using FreeIPA OTP in a PAM module

Jan Pazdziora jpazdziora at redhat.com
Tue Jun 30 07:30:28 UTC 2015


On Tue, Jun 30, 2015 at 11:34:55AM +0530, Prashant Bapat wrote:
> 
> I was able to set this up in a Fedora instance with SSSD and it works as
> expected. SSHD first uses the public key and then prompts for password
> which is of course password+OTP.
> 
> However, having a user enter the password+OTP every time he logs in during
> the day is kind of inconvenient. Is it possible to make sure the user has
> to log in once and the credentials are cached for say 12/24 hours? I know

The problem is, you don't really know it's the same user, upon that
second access.

Would Kerberos/GSSAPI perhaps help you, by giving you a time-constrained
service ticket?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



