Bug 1298980

Summary: [RFE] Better 1FA/2FA Granularity
Product: Red Hat Enterprise Linux 7 Reporter: Petr Vobornik <pvoborni>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED WONTFIX QA Contact: Namita Soman <nsoman>
Severity: medium Docs Contact:
Priority: high    
Version: 7.2CC: rcritten
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-22 16:32:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Vobornik 2016-01-15 15:34:06 UTC 
Description of problem:
Authentication indicators being merged in Kerberos 1.14 will allow us enable several use cases. There are 3 scenarios to address:
 * Configure LDAP and Kerberos authentication requirements: 1FA vs. 1FA+2FA vs. 2FA
 * Subset of clients should require 2FA
 * Selective client enforced 2FA

Note: scope of the RFE is subject of discussion.
Comment 3 Petr Vobornik 2016-02-22 16:32:01 UTC 
Closing this BZ, full scope is too big for 7.3 and the rest of the use cases is tracked in bug 1224057 anyway.