Hey Winfried, I've been struggling with this too.

Currently I'm doing a hack (NO PASSWORD) in sudoers to at least work around the OTP at sudo. It's, as always, usability + angry users vs security.

BR
Maciej

On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> Hi all,
>
> OTP using IPA 4.5 on CentOS seems to work well. However: I can force a
> user to use OTP and/or a host.
>
> Selecting a user, ALL authentication needs OTP. Since sudo in this case
> will ask for OTP also, this turns out quite inconvenient. Is it possible to
> select only certain services for OTP? For example:
>
> login using SSH --> OTP
> login ftp --> OTP
> console --> password only
> sudo --> password only
>
> Winfried
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
Best regards
Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC