[Freeipa-users] Kerberos and 2fa with mac OS X client
Sumit Bose
sbose at redhat.com
Thu Dec 15 15:53:04 UTC 2016
On Thu, Dec 15, 2016 at 03:38:14PM +0000, Mark Steele wrote:
> Hi,
>
> Has anyone managed to make this work and if so, is there some documentation for doing so?
>
> I can successfully authenticate to my linux servers using 2FA, but am unable to get my Mac to be able to get a ticket with kinit.
>
> Kinit returns: “password incorrect”, and isn’t prompting for the second factor. I’ve also tried appending the second factor to the password (like when logging into the UI).
>
> Any help would be appreciated.
For 2FA FAST is needed http://www.freeipa.org/page/V4/OTP#kinit_Method.
For MacOS I found
https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/kinit.1.html
and according to this the MacOS kinit does not support FAST, i.e. using
an armor credential cache. But maybe there are newer or alternative
versions which supports it?
HTH
bye,
Sumit
>
>
> Thanks
>
> Mark
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list