This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1292363 - [RFE] Support OTP logins for AD trust users
[RFE] Support OTP logins for AD trust users
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.3
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: SSSD Maintainers
Steeve Goveas
: FutureFeature
Depends On:
Blocks: 1401629
  Show dependency treegraph
 
Reported: 2015-12-17 03:26 EST by Jakub Hrozek
Modified: 2017-08-18 03:38 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jakub Hrozek 2015-12-17 03:26:51 EST
Description of problem:
Allow defining OTP token for AD user logging in Linux machine. This is not for GSSAPI use case, this is for log-in with user password. Alexander already did a prototype at DevConf 2015.

At the moment it should be possible to assign a token already and do an ldapsearch with password+token. However, we need to figure out the prompting part and whether we need to only do an ldapsearch or also kinit (provided we know the long-term password part)


Version-Release number of selected component (if applicable):
sssd-1.14

How reproducible:


Steps to Reproduce:
1. set up IPA-AD trust
2. log in with AD user ID and password+pin combo
3.

Actual results:


Expected results:


Additional info:
Comment 2 Jakub Hrozek 2016-01-04 04:52:55 EST
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2908

Note You need to log in before you can comment on or make changes to this bug.