[Freeipa-users] OTP and cached credentials

Rob Verduijn rob.verduijn at gmail.com
Sat Mar 14 09:50:30 UTC 2015


For which sssd release is this feature targeted?

Rob Verduijn

2015-03-12 23:26 GMT+01:00 Dmitri Pal <dpal at redhat.com>:

> On 03/12/2015 04:59 PM, Jakub Hrozek wrote:
>
>> On 12 Mar 2015, at 21:32, Rob Verduijn <rob.verduijn at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> I was looking into otp authentication and found some articles on how to
>>> enable this in freeipa.
>>>
>>> I can't seem to figure out how this is going to deal with cached
>>> credentials on a laptop that is not able to connect to the ipa server.
>>>
>>> How is this going to work out when 'native OTP' is being used?
>>>
>> I'm sorry, but currently it doesn't, as with the current (sssd-1.12.x)
>> version we treat the long and one-time part as a single blob, so we can't
>> cache it.
>>
>> In the next version, we'll work on prompting for and handling the short
>> and long term parts of the authtok separately, so we'll be able to cache
>> credentials.
>>
> Yes. Please do not use the current version for laptops.
> See the warning: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.html#otp
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>