On 05/28/2013 11:41 AM, Dmitri Pal wrote: > The FreeIPA team is happy to welcome you to a Fedora Test Day that is > being held on Thursday, June 6th. > > We invite you to take part in testing of the new OTP authentication > feature that will become available in upcoming FreeIPA 3.2 upstream > release and will be a part of Fedora 19. The feature is based on the new > extended capabilities of the MIT Kerberos [1] and 389 directory server [2]. > > The feature would allow users to authenticate against FreeIPA and > acquire Kerberos tickets using either OTP tokens issued by 3rd party > vendors or by FreeIPA server itself. > > In the case the token is provided by a 3rd party vendor like RSA, VASCO, > Yubico, etc. the authentication data is forwarded to the external > authentication server over RADIUS protocol. In this scenario user input > is supposed to consist of the two factors as prescribed by the vendor > and will be handled by the external server. In case the OTP token is > issued by FreeIPA itself the user can authenticate using two factors one > of which is his Kerberos password and another one is a token issued for > him. A token can be provisioned to his mobile device and used via Google > authenticator app. > > This is an initial phase of the first ever integrated two factor > authentication solution leveraging Kerberos SSO. When complete, users > will be able to authenticate using different authentication methods and > acquire tickets that will allow them to access different services > within the enterprise depending on the strength of their authentication. > > More detailed information about the feature can be found here: > https://fedoraproject.org/wiki/Feature/FreeIPA_Two_Factor_Authentication
https://fedoraproject.org/wiki/Features/FreeIPA_Two_Factor_Authentication > > To read more about the test day and suggested tests see the following > link > https://fedoraproject.org/wiki/Test_Day:2013-06-06_FreeIPA_Two_Factor_Authentication > > Thank you for your help and participation! > > FreeIPA team > > [1] http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS > [2] https://github.com/nkinder/otp_plugin > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
