The disabled User Auth Type "disabled" is documented here: http://www.freeipa.org/page/V4/OTP#Authentication_Methods
However, neither the CLI nor UI expose this option. The option is implemented in the underlying C code.
What happens if 'disabled' is used with another value, e.g. 'disabled' + 'otp'? Is it equal to 'disabled'?
Disabled is a mix-in flag. It means, ignore the per-user override. In the code, I'm implementing this as:
    glbl = get_global();
    user = (glbl & DISABLED) ? NONE : get_user();
    glbl &= ~DISABLED;
    user &= ~DISABLED;
    return user == NONE ? glbl : user;
Hence, disabled+otp will result in otp for all users irrespective of their per-user settings.
https://www.redhat.com/archives/freeipa-devel/2014-November/msg00252.html
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=919228 (Red Hat Enterprise Linux 7)
4.1.2 was released.
Patch is created only for master branch and currently is not planned for 4.1.
master:
Unlinking BZ 919228 since it was pushed only to master.
Metadata Update from @npmccallum: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.2 Backlog
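Added example, not part of the ticket or of FreeIPA's code: the resolution logic quoted in the comment above, written as a runnable C function and run over the combinations discussed in the thread. The AUTH_* names and bit values and the effective_auth() function are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical flag values for illustration; not FreeIPA's own definitions. */
#define AUTH_NONE     0u
#define AUTH_DISABLED (1u << 0)   /* mix-in: ignore per-user overrides */
#define AUTH_PASSWORD (1u << 1)
#define AUTH_RADIUS   (1u << 2)
#define AUTH_OTP      (1u << 3)

/* Resolve the effective auth types from the global and per-user settings,
 * following the logic quoted in the ticket. */
unsigned effective_auth(unsigned glbl, unsigned user)
{
    /* A global "disabled" flag discards the per-user value entirely. */
    if (glbl & AUTH_DISABLED)
        user = AUTH_NONE;

    /* "disabled" is a modifier, not an auth method: strip it from both. */
    glbl &= ~AUTH_DISABLED;
    user &= ~AUTH_DISABLED;

    /* A user with no override inherits the global setting. */
    return user == AUTH_NONE ? glbl : user;
}

int main(void)
{
    /* Constructed sample settings covering the cases raised in the thread. */
    struct { const char *desc; unsigned glbl, user; } cases[] = {
        { "global otp, user password",          AUTH_OTP,                 AUTH_PASSWORD },
        { "global disabled+otp, user password", AUTH_DISABLED | AUTH_OTP, AUTH_PASSWORD },
        { "global disabled only, user otp",     AUTH_DISABLED,            AUTH_OTP },
        { "global password, user disabled",     AUTH_PASSWORD,            AUTH_DISABLED },
        { "global otp, user unset",             AUTH_OTP,                 AUTH_NONE },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-36s -> 0x%x\n", cases[i].desc,
               effective_auth(cases[i].glbl, cases[i].user));
    return 0;
}
```

With the global value set to 'disabled' alone, the function returns AUTH_NONE; how the caller treats an empty result is outside the quoted snippet.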