If an OTP token has been created by a user, the user is still able to log in using a password. This should be either
What is the value of the user auth config in your setup?
After talking with the user on IRC, this is a configuration error.
Nathaniel, could you please elaborate a little bit? I did not see the IRC discussion and would like to know what was wrong.
The problem was that user-auth-type was set to "password,otp" after a user had been created. I used this setting because I thought it's necessary to allow a password-based login to initially create a token and let FreeIPA change this setting automatically to otp only after a token has been created by a user. But apparently an initial password-based login is also possible when user-auth-type is set to otp only.
This should be highlighted in the (upcoming) documentation.
Ok, thanks!
Metadata Update from @tscherf: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.0.2