In WebUI we can enable pasword radius auth-types. "ipa user-mod --help" says: --user-auth-type=['password', 'radius', 'otp']
Trying to set multiple values doesn't work and I didn't see a documentation other than --helpp for it:
$ ipa user-mod jk --user-auth-type="['password','otp']" ipa: ERROR: invalid 'user_auth_type': must be one of 'password', 'radius', 'otp' $ ipa user-mod jk --user-auth-type=otp,password ipa: ERROR: invalid 'user_auth_type': must be one of 'password', 'radius', 'otp'
Setting a single value works ok. This is with freeipa 4.4 from CentOS 7.3
I just stumbled across https://fedorahosted.org/sssd/wiki/DesignDocs/PromptingForMultipleAuthenticationTypes and there it is:
Finally both authentication methods are enabled on the server:
$ ipa user-mod test_user --user-auth-type=otp --user-auth-type=password
And that works - so from my point of view the ticket can be closed. I'm not sure if additional documentation (and where) would have helped me.
Or you can use bash expansion as with other FreeIPA multivalued attributes which in essence does what is in comment 2
$ ipa user-mod test_user --user-auth-type={otp,password}
works for me now
Metadata Update from @jh23453: - Issue assigned to someone - Issue set to the milestone: Tickets Deferred
Login to comment on this ticket.