Issue #2908: [RFE] Support OTP logins for AD trust users - sssd

SSSD / sssd

#2908 [RFE] Support OTP logins for AD trust users

Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1292363

Description of problem:
Allow defining OTP token for AD user logging in Linux machine. This is not for
GSSAPI use case, this is for log-in with user password. Alexander already did a
prototype at DevConf 2015.

At the moment it should be possible to assign a token already and do an
ldapsearch with password+token. However, we need to figure out the prompting
part and whether we need to only do an ldapsearch or also kinit (provided we
know the long-term password part)


Version-Release number of selected component (if applicable):
sssd-1.14

How reproducible:


Steps to Reproduce:
1. set up IPA-AD trust
2. log in with AD user ID and password+pin combo
3.

Actual results:


Expected results:


Additional info:

jhrozek commented 8 years ago

This work requires improvements in libkrb5 that are not available yet, moving out of 1.14

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: SSSD 1.14 alpha => SSSD 1.15 beta
review: True => 0
selected: =>
testsupdated: => 0

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Future releases (no date set yet)

7 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None
- Issue tagged with: bugzilla

4 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3949

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

blocker

Milestone

SSSD Future releases (no date set yet)

type

enhancement

component

SSSD

version

None

selected

None

testsupdated

false

patch

false

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1292363

design_review

false

review

false

changelog

None

keywords

None

coverity

None

mark

false

blocking

None

design

None

sensitive

false

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2908 [RFE] Support OTP logins for AD trust users Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by jhrozek.

Metadata

bugzilla

#2908 [RFE] Support OTP logins for AD trust users

Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by jhrozek.