Hi,
[I'm running Kerberos inside FreeIPA, so plain Kerberos might be
different...]
Ken Hornstein writes:
>>We'd like to be able to leverage 2fa for some services (admins) and some
>>services (ssh logins) but not have to pump a 2fa code into, say, our mail
>>applications. Is there a way to
Ken Hornstein writes:
>>I've been running Privacyidea (https://www.privacyidea.org/) for some
>>time to manage the tokens. Exposed the Application with RADIUS and told
>>FreeIPA to authenticate against RADIUS. Had some rough edges, but was
>>usable for me and is able to manage many kinds of token
Greg Hudson writes:
> Of course, the program itself can provide configuration for the keytab
> file. I couldn't find any gss_ or krb5_ calls in the Postfix source
> code (looking at Viktor Dukhovni's git mirror), so I don't have any
> immediate insight as to whether that's currently possible or
