This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1292363 - [RFE] Support OTP logins for AD trust users
[RFE] Support OTP logins for AD trust users
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: SSSD Maintainers
Steeve Goveas
: FutureFeature
Depends On:
Blocks: 1401629
  Show dependency treegraph
Reported: 2015-12-17 03:26 EST by Jakub Hrozek
Modified: 2017-08-18 03:38 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jakub Hrozek 2015-12-17 03:26:51 EST
Description of problem:
Allow defining OTP token for AD user logging in Linux machine. This is not for GSSAPI use case, this is for log-in with user password. Alexander already did a prototype at DevConf 2015.

At the moment it should be possible to assign a token already and do an ldapsearch with password+token. However, we need to figure out the prompting part and whether we need to only do an ldapsearch or also kinit (provided we know the long-term password part)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. set up IPA-AD trust
2. log in with AD user ID and password+pin combo

Actual results:

Expected results:

Additional info:
Comment 2 Jakub Hrozek 2016-01-04 04:52:55 EST
Upstream ticket:

Note You need to log in before you can comment on or make changes to this bug.