[Freeipa-users] otp issue: can't log in with password+otp

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 22 18:22:59 UTC 2015


On Tue, 22 Sep 2015, Duncan McNaught wrote:
>I realize that, thanks.
>That's currently the only problem for us - getting 2FA to work.
Given that we rely on socket activation for ipa-otpd, you would need to
make a wrapper that would listen on a unix domain socket and forward the
data between ipa-otpd stdin/stdout and that socket. This is what is
provided to us by systemd.

>
>Thanks
>--Duncan
>____________________________
>
>Duncan McNaught
>Infrastructure Engineer
> Technologies | www.bitnet.io
>+1 720 240 6575
>
>On Tue, Sep 22, 2015 at 12:12 PM, Nathaniel McCallum <npmccallum at redhat.com>
>wrote:
>
>> Running IPA in a container is very bleeding edge. I would not be
>> surprised at all if you run into lots of problems.
>>
>> On Tue, 2015-09-22 at 12:10 -0600, Duncan McNaught wrote:
>> > Thanks Nathaniel,
>> >   I am running with Jan's Centos-7 container and I'd like to have
>> > Multi-factor Authentication/2FA enabled.
>> > He mentioned that systemd is not running in the container, so I
>> > guess that explains why 2FA is failing. I wonder if I can get
>> > systemd running there.
>> > --Duncan
>> >
>> >
>> > Thanks
>> > --Duncan
>> > ____________________________
>> > Duncan McNaught
>> > Infrastructure Engineer
>> >  Technologies | www.bitnet.io
>> > +1 720 240 6575
>> >
>> > On Tue, Sep 22, 2015 at 6:55 AM, Nathaniel McCallum <npmccallum at redhat.com> wrote:
>> > > On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote:
>> > > > Dear freeipa-users,
>> > > >
>> > > > I'm having an issue with otp in freeipa. I can set up the service as
>> > > > described in the blog post for TOTP or HOTP, and sync the token fine.
>> > > > When I try to login to the admin tools or an ipa-managed client
>> > > > (with <password><token>), I get a password incorrect message.
>> > > > Here are some more details: https://github.com/adelton/docker-freeipa/issues/34
>> > > > Can anyone help me to debug/get this working?
>> > > > Can anyone help me to debug/get this working?
>> > >
>> > > I'm very unclear as to what you are trying to do. Are you trying to
>> > > run FreeIPA in a container? If so, Jan is probably your man. AFAIK,
>> > > ipa-otpd will require systemd in the container.
>> > >
>> > > If you are trying to run this on CentOS 7.1 (not a container), it
>> > > seems to me that your LDAP server isn't running or something is wrong
>> > > with ldapi.
>> > >
>> > > Can you explain your setup in more detail?
>> > >
>> > > Nathaniel
>> > >
>>



-- 
/ Alexander Bokovoy
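
A sketch of the kind of wrapper described in the message above, added here as an example (not code from this thread or from the FreeIPA project): it listens on a unix domain socket and starts one copy of a command per connection with that connection as the command's stdin and stdout. The socket path and the command line are placeholders supplied by the caller; the thread does not state the real ipa-otpd socket path or arguments.

```python
import os
import socket
import subprocess
import sys
import threading


def serve(sock_path, argv, max_conns=None):
    """Accept connections on sock_path and run argv once per connection,
    with the connected socket as the child's stdin and stdout."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)              # clear a stale socket from an earlier run
    old_umask = os.umask(0o177)           # socket file is created 0600 (owner only)
    try:
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(sock_path)
    finally:
        os.umask(old_umask)
    listener.listen(16)
    handled = 0
    try:
        # max_conns is only a convenience for testing; None means run forever.
        while max_conns is None or handled < max_conns:
            conn, _ = listener.accept()
            # The child gets the connection as fd 0 and fd 1; the listening
            # socket is not inherited (Python sockets are non-inheritable).
            child = subprocess.Popen(argv, stdin=conn, stdout=conn, close_fds=True)
            conn.close()                  # drop the parent's copy of the connection
            threading.Thread(target=child.wait, daemon=True).start()  # reap child
            handled += 1
    finally:
        listener.close()
        os.unlink(sock_path)


if __name__ == "__main__":
    # usage: wrapper.py SOCKET_PATH COMMAND [ARGS...]   (both are placeholders)
    serve(sys.argv[1], sys.argv[2:])
```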



