On Fri, 19 Mar 2021 at 15:46, David Harvey <[email protected]> wrote:
> Hello again list,
>
> Is it possible to differentiate between a Kerberos ticket that was granted
> with OTP vs one that would not (for the purpose of requiring it for
> `ipa some-privileged command`)?
>
> Aim: Protect servers with OTP but not always require it for workstations.
> But to require OTP for the privilege that ipa commands
> afford powerful users from their workstation.
>
> Other potential avenues (full admission - less research performed) - I'd
> be interested in would be periodic requirements for OTP, but not for say
> screen unlock events.
> I assume nothing has changed on this since "[Freeipa-users] different
> security policy for login(password+otp) and screenlock (password only)
> for workstation"
>
> Thanks as always,
>
> David
