Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-4843

Let admins choose the default hash/digits for user-created OTPs

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-8.4.0
    • ipa
    • None
    • 1
    • rhel-idm-ipa
    • ssg_idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • RHEL JIRAS rhel-idm-ipa
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      This bug is created as a clone of upstream ticket:
      https://pagure.io/freeipa/issue/8285

          1. Request for enhancement
            Regular users are forbid to choose the security options for their OTP token from the Web UI, which is hard-coded to SHA1 hash algorithm and 6-digits password.

      The solutions proposed in #6430 is still insufficient when comes to strict security policies (SHA512/8-digits).

      We need a global setting from which admins can choose the default hash/digits combinations for user-created OTPs.

            1. Version/Release/Distribution
              ~~~~
              $ rpm -q ipa-server ipa-client 389-ds-base pki-ca krb5-server
              ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
              ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64
              389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64
              pki-ca-10.7.3-1.module+el8.1.0+3964+500fc130.noarch
              krb5-server-1.17-9.el8.x86_64
              ~~~~

              frenaud@redhat.com Florence Renaud
              cheimes-hmsidm Christian HMSIDM Heimes (Inactive)
              Florence Renaud Florence Renaud
              IPA QE Bot IPA QE Bot
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: