Hello list!
Sorry for hijacking an old thread -- but this seems to be already 95%
solution to my problem.
I have FreeIPA 4.8.0 installed and I'm trying to get OTP working.
And it does work with CentOS8 - just not with Debian 10.
Searching the list I found this post describing exactly my situation.
What I do not understand is what modification to /etc/pam.d I have to
make after copying the unix+sss script to /usr/share/pam-configs.
Can somebody give me a hint?
Thanks in advance,
Thorsten
On 06.02.18 06:34, Jochen Hein via FreeIPA-users wrote:
John Ratliff via FreeIPA-users <[email protected]>
writes:
Okay, so the problem wasn't that it wasn't working; it's that I didn't
understand the prompts. Debian only prompts for password, but wants
password + OTP on the same field. CentOS prompts for First Factor /
Second Factor.
Is there any way I can make it so that on Debian clients it asks for
the factors separately as well?
Can you please look at /etc/pam.d? Debian uses pam_unix to get the
password+OTP, CentOS/Fedora use pam_sss for non-local users. I've added
the following to /usr/share/pam-configs and use that instead of pam_unix
and pam_sss.
Jochen
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
