Charles Hedrick via FreeIPA-users <freeipa-users@lists.fedorahosted.org> writes:
> I’d like to avoid having to use a second cache to armor 2FA > requests. My impression was that SPAKE was supposed to fix this. I > just installed a new kdc (replica of an old one) in Centos 8. It > understands SPAKE, offering it as preauthebtication for normal > users. But a user with 2FA is not offered SPAKE preach. I still have > to use FAST. > > Have I misunderstood, or is extra configuration needed? SPAKE is a variant preauthentication mechanism for acquiring TGTs. It is fully supported in el8. However, what you're looking for is an appropriate 2FA mechanism - currently none of those have been created yet. What you're after is a planned future goal (but requires me to have more time to work on it :) ). Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org