On Tue, Jun 30, 2015 at 11:34:55AM +0530, Prashant Bapat wrote:
>
> I was able to set this up in a Fedora instance with SSSD and it works as
> expected. SSHD first uses the public key and then prompts for password
> which is of course password+OTP.
>
> However, having a user enter the password+OTP every time he logs in during
> the day is kind of inconvenient. Is it possible to make sure the user has
> to login once and the credentials are cached for say 12/24 hours. I know

The problem is, you don't really know it's the same user, upon that second access.

Would Kerberos/GSSAPI perhaps help you, by giving you a time-constrained service ticket?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat