[Freeipa-users] OTP and cached credentials
Dmitri Pal
dpal at redhat.com
Sat Mar 14 15:56:11 UTC 2015
On 03/14/2015 05:50 AM, Rob Verduijn wrote:
> For which sssd release is this feature targeted?
The ability to use OTP with laptops is targeted to the 1.13 release.
>
> Rob Verduijn
>
> 2015-03-12 23:26 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>
> On 03/12/2015 04:59 PM, Jakub Hrozek wrote:
>
> On 12 Mar 2015, at 21:32, Rob Verduijn <rob.verduijn at gmail.com> wrote:
>
> Hello,
>
> I was looking into otp authentication and found some
> articles on how to enable this in freeipa.
>
> I can't seem to figure out how this is going to deal with
> cached credentials on a laptop that is not able to connect
> to the ipa server.
>
> How is this going to work out when 'native OTP' is being
> used ?
>
> I'm sorry, but currently it doesn't as with the current
> (sssd-1.12.x) version we treat the long and one-time part as a
> single blob, so we can't cache it.
>
> In the next version, we'll work on prompting for and handling
> the short and long term parts of the authtok separately, so
> we'll be able to cache credentials.
>
> Yes. Please do not use current version for laptops.
> See the warning:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.html#otp
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
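
The caching problem discussed in this thread, as an added Python sketch that is not part of the original messages and is not sssd's code: a toy offline cache that stores a salted hash of the authtok, compared for the single-blob handling (sssd-1.12.x) and for separately handled long-term and one-time parts. The class, function names, six-digit codes and the rule that only the long-term part is checked offline are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash of whatever is placed in the cache.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class OfflineCache:
    """Hypothetical credential cache used when the IPA server is unreachable."""

    def __init__(self):
        self._entries = {}

    def store(self, user: str, secret: str) -> None:
        salt = os.urandom(16)
        self._entries[user] = (salt, _digest(secret, salt))

    def verify(self, user: str, secret: str) -> bool:
        entry = self._entries.get(user)
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(expected, _digest(secret, salt))


def demo() -> dict:
    password = "constructed-long-term-secret"  # constructed sample value
    first_otp, next_otp = "123456", "654321"   # constructed token codes

    # Single blob: password and OTP arrive as one opaque authtok, so the
    # only thing that could be cached after an online login is the blob.
    blob_cache = OfflineCache()
    blob_cache.store("rob", password + first_otp)

    # Separate parts: the OTP is only ever sent to the server, and the
    # long-term part alone is cached (assumed policy for this sketch).
    split_cache = OfflineCache()
    split_cache.store("rob", password)

    return {
        # Offline, the token shows a new code: the cached blob never matches.
        "blob_new_otp": blob_cache.verify("rob", password + next_otp),
        # The blob only matches a replay of the already-used code.
        "blob_replayed_otp": blob_cache.verify("rob", password + first_otp),
        # With separate parts, the long-term secret verifies offline.
        "split_password": split_cache.verify("rob", password),
        "split_wrong_password": split_cache.verify("rob", "wrong-guess"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

A cached blob would either reject every legitimate offline login or accept only a spent one-time code, which is why the blob cannot be cached at all.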