abbra/freeipa-otp-unstable

Description

Extremely unstable test field for FreeIPA two factor authentication. Read http://www.freeipa.org/page/V3/OTP for design and details.

Installation Instructions

0. Make sure to have updated Fedora 20, with updates-testing enabled as well as updates repo.

1. Install packages (freeipa-server and sssd, krb5 and 389-ds-base and the rest will be pulled in), it is OK to just update, no need to re-install.

2. SSSD in updates-testing for Fedora 20 enables FAST by default for IPA provider.

3. SELinux policies should allow all needed transitions. If something still fails, switch to permissive and make sure to file bugs against FreeIPA:

    # setenforce 0
   
   

4. Restart FreeIPA (systemctl restart ipa)

5. Web UI now includes full support for OTP. You can create users and set them to use OTP, users can create own OTP tokens in self-service.

6. When user has no OTP token but asked to login with OTP, until first token is created, user will be allowed to login with password.

7. You can specify multiple auth types (or in Web UI):

    ipa user-mod user --user-auth-type={password,otp}
   
   

8. Use FreeOTP (in Google Play) as a completely open source soft token.

9. Currently password change in Web UI does not work if OTP token is enabled for the user.

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

Release	Architectures	Repo Download

* Total number of downloaded packages.