krb5 1.12 is gaining support for forwarding OTP authentications to a RADIUS server. FreeIPA needs an intelligent companion daemon to do the right thing. See designs here: http://freeipa.org/page/V3/OTP
OTP effort is to be released as part of 3.2.x release.
master:[[BR]] 5b58348 Add OTP support to ipa-pwd-extop[[BR]] 1e1bab4 Remove unnecessary prefixes from ipa-pwd-extop files[[BR]] 2037546 Add the krb5/FreeIPA RADIUS companion daemon[[BR]] 5d51ae5 ipa-kdb: Add OTP support[[BR]] cb68935 Add IPA OTP schema and ACLs[[BR]] bc26d87 Add ipaUserAuthType and ipaUserAuthTypeClass
ipa-3-2:[[BR]] a50caa1 Add OTP support to ipa-pwd-extop[[BR]] 92e1700 Remove unnecessary prefixes from ipa-pwd-extop files[[BR]] c412660 Add the krb5/FreeIPA RADIUS companion daemon[[BR]] 73a0be5 ipa-kdb: Add OTP support[[BR]] 9381891 Add IPA OTP schema and ACLs[[BR]] 2a5aaff Add ipaUserAuthType and ipaUserAuthTypeClass
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1108806
There is already a 2FA feature Bugzilla.
Metadata Update from @npmccallum: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 3.2.x - 2013/05 (bug fixing)
Log in to comment on this ticket.