[Freeipa-users] sudo with OTP

Brad Bendy brad.bendy at gmail.com
Wed Mar 23 21:55:21 UTC 2016


Ignore what I said earlier :)

The issue is when I run sudo the lookup appears to still be wanting
OTP (even though RADIUS is the only box checked for that user). No
matter what I enter it won't go past that first prompt, and the request
never makes it over to my RADIUS server at all. Standard logins work
just fine, but as soon as you try to sudo it wants the "first factor" but
the request never makes it to the RADIUS server. I'm going to play around
with some settings, but am I missing something or is there no way to
forward the sudo request to the same RADIUS server as well?

Thanks


On Wed, Mar 23, 2016 at 2:41 PM, Brad Bendy <brad.bendy at gmail.com> wrote:
> I will upgrade a few machines and test this out, I just got done
> making a script for RADIUS to handle OTP, I didn't see this e-mail
> till now!
>
> If Password + RADIUS are turned on for the user it looks like it's
> still doing the first factor prompt. If I don't enable the password
> option then an LDAP (have not tested Kerberos yet) lookup will fail;
> I haven't dug in to see if the account is disabled or what is causing
> that. Does that sound correct though? My idea was to have FreeIPA
> proxy to RADIUS and let RADIUS do the LDAP/Kerberos+OTP and then auth
> that way. I take it that's not going to work?
>
> Thanks
>
>
> On Wed, Mar 23, 2016 at 12:09 AM, Lukas Slebodnik <lslebodn at redhat.com> wrote:
>> On (22/03/16 10:06), Brad Bendy wrote:
>>>I'm having some issues applying these patches with dependencies. But on
>>>a side note, this needs to be applied to the client machines as well as
>>>the IPA server itself, correct?
>>>
>> I pushed related sudo patches to Fedora yesterday.
>> They are in updates-testing ATM.
>>
>> If you want to test packages on el6 or el7,
>> then backported versions of Fedora packages are available in
>> our sssd group copr repo.
>> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-13/
>>
>> Please report any bugs here or to sssd-users.
>>
>> LS



