Angry users, indeed...:) NOPASSWD seems like no option, I struggle some more...
Winfried -----Oorspronkelijke bericht----- Datum: Fri, 23 Feb 2018 16:02:06 +0100 Onderwerp: Re: [Freeipa-users] OTP for specific services only Cc: Winfried de Heiden <w...@dds.nl> Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Van: Maciej Drobniuch <m...@collective-sense.com> Hey Winfired, I've been struggling with this too. Currently I'm doing a hack (NO PASSWORD) in sudoers to at least workaround the otp at sudo. It's as always usability+angry users vs security. BR Maciej On Fri, Feb 23, 2018 at 3:07 PM, Winfried de Heiden via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > > > > Hi al, > > > > OTP using IPA 4.5 on CentOS seems to work well. However: I can > force a user to use OTP and/or a host. > > > > Selecting a user, ALL authentication needs OTP. Since sudo in > this > case will ask for OTP also, this turn out quite inconvenient. > Is > is possible to select only certain services for OTP. for > example: > > > > login using SSH --> OTP > > login ftp --> OTP > > console --> password only > > sudo --> password only > > > > Winfried > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists.fedorahoste > d.org > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org