[Freeipa-users] otp question to limit brute force vector for web applications
Thomas Heil
heil at terminal-consulting.de
Fri May 13 13:25:05 UTC 2016
Hi,
I would like to reduce the vector of brute force attacks in my web
application written in php. Users can login via passord and otp which
are hosted on freeipa.
To achieve this I would like to check the otp first, so no password auth
is done on the freeipa server and no user can be locked out.
If the otp is correct, the user is now allowed to to login via password+otp.
unfortunately, there is no api method that can check only the otp for a
user with an identity.
Would it be possible to expose such a new method?
kind regards
--
Thomas
--
More information about the Freeipa-users
mailing list