As an administrator I want to know when a client enrollment using a One-Time Password (OTP) fails. This could indicate that the OTP has been hijacked.
An audit event should be created which details the failure.
On the client, the server, or both?
Good question. I had in mind the server but it seems like it would make sense on the client as well to correlate things.
Fleet Commander is working on an auditing framework as a GSOC project. We may be able to build on that. https://github.com/fleet-commander/fc-admin/issues/161
Metadata Update from @rcritten:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.8