Bug 1833269

Summary: Let admins choose the default hash/digits for user-created OTPs
Product: Red Hat Enterprise Linux 8
Reporter: Christian Heimes <cheimes>
Component: ipa
Assignee: Florence Blanc-Renaud <frenaud>
Status: NEW
QA Contact: ipa-qe <ipa-qe>
Severity: unspecified
Priority: medium
Version: 8.4
CC: apeddire, asakure, pasik, pusharma, rcritten, tscherf
Target Milestone: rc
Keywords: RFE, Triaged
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Type: Feature Request

Description Christian Heimes 2020-05-08 09:38:02 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/freeipa/issue/8285

### Request for enhancement
Regular users are forbidden to choose the security options for their OTP token from the Web UI, which is hard-coded to the SHA1 hash algorithm and a 6-digit password.

The solutions proposed in #6430 are still insufficient when it comes to strict security policies (SHA512/8-digits).

We need a global setting from which admins can choose the default hash/digits combinations for user-created OTPs.


#### Version/Release/Distribution
~~~~
$ rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server
ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64
pki-ca-10.7.3-1.module+el8.1.0+3964+500fc130.noarch
krb5-server-1.17-9.el8.x86_64
~~~~