Bug 1833269 - Let admins choose the default hash/digits for user-created OTPs
Summary: Let admins choose the default hash/digits for user-created OTPs
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: 8.0
Assignee: Florence Blanc-Renaud
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-05-08 09:38 UTC by Christian Heimes
Modified: 2023-07-31 22:37 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Feature Request
Target Upstream Version:
Embargoed:


Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Fedora Pagure | freeipa issue 8285 | 0 | None | None | None | 2020-05-08 09:38:50 UTC |
| Red Hat Issue Tracker | FREEIPA-7751 | 0 | None | None | None | 2022-01-29 14:39:31 UTC |

Description Christian Heimes 2020-05-08 09:38:02 UTC
This bug is created as a clone of upstream ticket:
https://pagure.io/freeipa/issue/8285

### Request for enhancement
Regular users are forbidden to choose the security options for their OTP token from the Web UI, which is hard-coded to the SHA1 hash algorithm and a 6-digit password.

The solution proposed in #6430 is still insufficient when it comes to strict security policies (SHA512/8-digits).

We need a global setting from which admins can choose the default hash/digits combinations for user-created OTPs.


#### Version/Release/Distribution
~~~~
$ rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server
ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64
pki-ca-10.7.3-1.module+el8.1.0+3964+500fc130.noarch
krb5-server-1.17-9.el8.x86_64
~~~~

