Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4813

Unable to kinit with IPA user(if 2FA is enabled in IPA)

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • None
    • Moderate
    • rhel-idm-ipa
    • ssg_idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      Description of problem:
      If 2FA(password + otp) is enabled for IPA user it cannot perform kinit.
      kinit fails with:

      $ kinit testuser
      kinit: Preauthentication failed while getting initial credentials

      Version-Release number of selected component (if applicable):
      Latest version of IPA and sssd

      How reproducible:
      Always

      Steps to Reproduce:
      1. As admin, create a new user with password.
      2. Enable OTP authentication for this user.
      3. Create an either TOTP or HOTP token for this user.
      4. Run kinit as this user.

      Actual results:

      $ kinit testuser
      kinit: Generic preauthentication failure while getting initial credentials

      Expected results:
      kinit should work for 2FA(password + otp) enabled IPA user

      Additional info:
      This is clone of upstream ticket https://pagure.io/freeipa/issue/4411

              frenaud@redhat.com Florence Renaud
              rhn-support-asakure Akshay Sakure
              Florence Renaud Florence Renaud
              IPA QE Bot IPA QE Bot
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: