[Freeipa-users] otp issue: can't log in with password+otp

Jan Pazdziora jpazdziora at redhat.com
Fri Sep 25 06:29:09 UTC 2015


On Tue, Sep 22, 2015 at 08:55:53AM -0400, Nathaniel McCallum wrote:
> On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote:
> > Dear freeipa-users,
> > 
> > I'm having an issue with otp in freeipa. I can set up the service as
> > described in the blog post for TOTP or HOTP, and sync the token fine.
> > When I try to login to the admin tools or an ipa-managed client
> > (with <password><token>), I get a password incorrect message.
> > Here are some more details:
> > https://github.com/adelton/docker-freeipa/issues/34
> > Can anyone help me to debug/get this working?
> 
> I'm very unclear as to what you are trying to do. Are you trying to
> run FreeIPA in a container? If so, Jan is probably your man. AFAIK,
> ipa-otpd will require systemd in the container.

Well, we have a separate daemon listening on the
/var/run/krb5kdc/DEFAULT.socket in the container which should start
the ipa-otpd@.service when there's a connection made to it. But
somehow it does not seem to be happening even if I fix the parsing of
/etc/ipa/default.conf that ipa-otpd@.service is doing.

What is the simplest way to trigger the connection to
/var/run/krb5kdc/DEFAULT.socket, for debugging purposes?

I haven't even been able to sync the token properly, which Duncan says
in

	https://github.com/adelton/docker-freeipa/issues/34#issuecomment-123877080

was working for him.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



