#2988 [RFE] Make OTP/2FA authentication optional
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1325809

Description of problem:

It OTP authentication is enabled in the IPA server for a user only OTP
authentication is possible although the user has a long-term password which can
be used for single-factor authentication as well. It would be good if SSSD can
do 1FA as well if only one factor was given at the login prompt.

Additionally the documentation might be enhanced to illustrate how the
credentials can be promoted from 1FA to 2FA by calling 'su' or switching to the
screen saver. This will be important as soon as applications become aware of
Authentication Indicators see e.g. #1224057.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.14 beta => SSSD 1.14 alpha

The patch is on the list, but I need to release the Alpha tarball today, moving to Beta.

milestone: SSSD 1.14 alpha => SSSD 1.14 beta

The patch is on the list, but I need to release the Beta tarball today, moving to 1.14.0.

milestone: SSSD 1.14 beta => SSSD 1.14.0

Downstream BZ->increase in priority

priority: major => critical

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.14.0

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4029

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.