[Freeipa-users] Kinit with 2-Factor not working
Geordie Grindle
geordie.grindle at gmail.com
Wed Jun 22 15:54:10 UTC 2016
Hello,
On our current IPA realm where we have not used 2-factor, we’ve been able to kinit to our FreeIPA realm from our laptops. All a Mac user needed to do, for example was to configure a ‘krb5.conf’ file and then ‘kinit user1 at OUR.IPA.REALM.COM <mailto:user1 at our.ipa.realm.com>'. This would allow us to work on our infrastructure without having to re-authenticate for the lifetime of our ticket-granting-ticket, usually the length of a work day.
We are building a new realm using 'ipa-server-4.2.0-15’ and will be requiring 2-factor for authentication. So far it works well, meaning we can ssh to a jump host enrolled in our realm and from there move to other hosts in the realm without having to re-authenticate.
However, we can no longer ‘kinit’. I’ve dug around in the webs and have concluded that either this is a known issue that is not yet fixed, or perhaps someone has fixed it but not yet shared how they got this to work.
How is this impacting anyone else? Does anyone have any helpful information they can share?
thanks,
Geordie Grindle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160622/e24b03cf/attachment.htm>
More information about the Freeipa-users
mailing list