Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1198796
Description of problem: IPA Web GUI displays 3 options for "User authentication types": [] Password [] Radius [] Two factor authentication (password + OTP) User will expect that selection of authentication type will apply consistently to both Kerberos and LDAP authentication. However, from the docs: "If you choose the password and two-factor authentication types at once, Kerberos still enforces authentication with both password and OTP. LDAP allows authentication with either one of the authentication types in this situation." "If you choose the RADIUS authentication type together with another authentication type, Kerberos always uses RADIUS, but LDAP never does. LDAP only recognizes the password and two-factor authentication options." Please add text to the UI to describe this non-consistency, to reduce the risk of an administrator misunderstanding and using settings causing weaker security than anticipated. Version-Release number of selected component (if applicable): RHEL 7.1 How reproducible: Always Steps to Reproduce: 1. UI only shows three options, no descriptive text 2. 3. Actual results: - Expected results: - Additional info: -
Moving to 4.2.1, not a blocker for 4.2.
master:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.