here is my sssd.conf [domain/mydomain.com] filter_users=root,ubuntu,ec2-user,centos filter_groups=root,ubuntu,ec2-user,centos offline_timeout = 60 ignore_group_members = true cache_credentials = true krb5_store_password_if_offline = True ipa_hbac_refresh = 60 auth_provider = ipa access_provider = ipa chpass_provider = ipa sudo_provider = ipa dns_discovery_domain = mydomain.com ldap_tls_cacert = /etc/ipa/ca.crt ldap_sudo_use_host_filter = false ldap_sudo_refresh_enabled = true
ldap_sudo_full_refresh_interval=86400 ldap_sudo_smart_refresh_interval=200 ldap_sudo_search_base = ou=sudoers,dc=mydomain,dc=com?subtree?(|(sudoHost=ip-10-10-247-202-3456.ipa-dev)(sudoHost=+.svc_ipa-dev*)(sudoHost=ALL)) ldap_connection_expire_timeout = 87473 entry_cache_timeout = 172800 krb5_auth_timeout = 30 debug_level = 9 [sssd] reconnection_retries = 3 config_file_version = 2 services = nss, sudo, pam, ssh domains = mydomain.com debug_level = 9 [nss] homedir_substring = /home debug_level = 9 [pam] debug_level = 9 [sudo] debug_level = 9 [autofs] [ssh] debug_level = 9 [pac] [ifp] [secrets] [session_recording] [prompting/password] password_prompt = Password : [prompting/2fa] single_prompt = False first_prompt = First Factor: second_prompt = Second Factor: When SSSD is online, ssh prompt for 2fa user asks like below. First Factor: Second Factor: but if SSSD goes to offline, ssh prompt asks only password like password : How can I configure to get multi prompt asking for 2fa user even in SSSD offline mode? Of course, otp validation will be ignored even though user inputs otp. I just want to keep multi prompt even in both SSSD online and SSSD offline. Is it possible to be configured ? -- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
