abbra/freeipa-otp-unstable
Project ID: 118
Description
Extremely unstable test field for FreeIPA two factor authentication. Read http://www.freeipa.org/page/V3/OTP for design and details.
Installation Instructions
-
Make sure to have updated Fedora 20, with updates-testing enabled as well as updates repo.
-
Install packages (freeipa-server and sssd, krb5 and 389-ds-base and the rest will be pulled in), it is OK to just update, no need to re-install.
-
SSSD in updates-testing for Fedora 20 enables FAST by default for IPA provider.
-
SELinux policies should allow all needed transitions. If something still fails, switch to permissive and make sure to file bugs against FreeIPA:
# setenforce 0 -
Restart FreeIPA (systemctl restart ipa)
-
Web UI now includes full support for OTP. You can create users and set them to use OTP, users can create own OTP tokens in self-service.
-
When user has no OTP token but asked to login with OTP, until first token is created, user will be allowed to login with password.
-
You can specify multiple auth types (or in Web UI):
ipa user-mod user --user-auth-type={password,otp} -
Use FreeOTP (in Google Play) as a completely open source soft token.
-
Currently password change in Web UI does not work if OTP token is enabled for the user.
Active Releases
The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).
Release | Architectures | Repo Download |
---|
* Total number of downloaded packages.
Last Build
No builds...