On 5/18/15 7:47 AM, Nathaniel McCallum wrote:
> On Mon, 2015-05-18 at 09:45 -0500, Janelle wrote:
>> Ok, let me ask this a different way, because maybe there is a way,
>> and I am just not seeing it.
>>
>> I have 2 datacenters with typical bastions in each. I have enabled
>> OTP and that works fine via ssh. But the user has to login to both
>> and opening ssh tunnels is problematic at best.
>>
>> Using all the creativity in this list, maybe someone knows of another
>> way to have a user authenticate from a Mac where they would only have
>> to do it once to get their ticket?
>>
>> I guess I can't think of anything, but no harm in asking.
>
> Without support for the OTP pre-authentication mechanism, I don't know
> of any way to do this while still retaining the security properties of
> Kerberos. Basically, you'll have to hand over your password to a third
> party (which has OTP support). This is ill advised.
>
> Nathaniel

Going to see about installing MIT version from source on Yosemite and see what happens. Current is 1.13.2.

Will let you know
~J

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project