[Freeipa-users] OTP and Laptops
Hello, I'm wondering where/how I could get some more information about the underpinnings of the OTP token mechanisms? Ultimately, I'd like to understand the reason why OTP in FreeIPA doesn't work at the moment with laptops, specifically. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP and Laptops
Depending on the laptop -- assuming you are trying to kinit from a terminal window, check the version of Kerberos. It needs to be at least 1.6. ~J On 7/27/15 7:48 AM, John Johnson wrote: Hello, I'm wondering where/how I could get some more information about the underpinnings of the OTP token mechanisms? Ultimately, I'd like to understand the reason why OTP in FreeIPA doesn't work at the moment with laptops, specifically. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP and Laptops
Kerberos version is 1.12.2 on RHEL7.1. I guess I'm wondering if the issue is hardware-related, somehow specific to laptops; or if it's related to the way laptops are assumed to be used, i.e. portable, etc. On Mon, Jul 27, 2015 at 10:14 AM, Janelle janellenicol...@gmail.com wrote: Depending on the laptop -- assuming you are trying to kinit from a terminal window, check the version of Kerberos. It needs to be at least 1.6. ~J On 7/27/15 7:48 AM, John Johnson wrote: Hello, I'm wondering where/how I could get some more information about the underpinnings of the OTP token mechanisms? Ultimately, I'd like to understand the reason why OTP in FreeIPA doesn't work at the moment with laptops, specifically. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP and Laptops
John Johnson wrote: Kerberos version is 1.12.2 on RHEL7.1. I guess I'm wondering if the issue is hardware-related, somehow specific to laptops; or if it's related to the way laptops are assumed to be used, i.e. portable, etc. It would be helpful if you described what isn't working. rob On Mon, Jul 27, 2015 at 10:14 AM, Janelle janellenicol...@gmail.com mailto:janellenicol...@gmail.com wrote: Depending on the laptop -- assuming you are trying to kinit from a terminal window, check the version of Kerberos. It needs to be at least 1.6. ~J On 7/27/15 7:48 AM, John Johnson wrote: Hello, I'm wondering where/how I could get some more information about the underpinnings of the OTP token mechanisms? Ultimately, I'd like to understand the reason why OTP in FreeIPA doesn't work at the moment with laptops, specifically. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP and Laptops
I'm not saying that something isn't working for me; I'm going off the information available on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/authconfig-addl-auth.html#otp-laptop-users and a thread in this mailing list referencing it. I'm simply trying to understand the particular issue related to the laptop-specific implementation and obstacles as it relates to OTP On Mon, Jul 27, 2015 at 10:13 PM, Rob Crittenden rcrit...@redhat.com wrote: John Johnson wrote: Kerberos version is 1.12.2 on RHEL7.1. I guess I'm wondering if the issue is hardware-related, somehow specific to laptops; or if it's related to the way laptops are assumed to be used, i.e. portable, etc. It would be helpful if you described what isn't working. rob On Mon, Jul 27, 2015 at 10:14 AM, Janelle janellenicol...@gmail.com mailto:janellenicol...@gmail.com wrote: Depending on the laptop -- assuming you are trying to kinit from a terminal window, check the version of Kerberos. It needs to be at least 1.6. ~J On 7/27/15 7:48 AM, John Johnson wrote: Hello, I'm wondering where/how I could get some more information about the underpinnings of the OTP token mechanisms? Ultimately, I'd like to understand the reason why OTP in FreeIPA doesn't work at the moment with laptops, specifically. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] OTP and Laptops
On Mon, 27 Jul 2015, John Johnson wrote: I'm not saying that something isn't working for me; I'm going off the information available on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/authconfig-addl-auth.html#otp-laptop-users and a thread in this mailing list referencing it. I'm simply trying to understand the particular issue related to the laptop-specific implementation and obstacles as it relates to OTP No, there is no hardware-specific limitations. What the documentation tries to explain (rather poorly, I agree!) is that a roaming clients like laptops would have some issues when OTP is the only scheme enabled for the user. This is solved in SSSD 1.13 and both solution and the problem are described in detail in https://fedorahosted.org/sssd/wiki/DesignDocs/PAMConversationForOTP -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project