- Bug
- Resolution: Done
- Critical
Hi team,
I would like to add a "Note" to the IdM chapters below:
7.4. Configuring a RADIUS server for OTP validation in IdM
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/logging-in-to-the-ipa-web-ui-using-one-time-passwords_configuring-and-managing-idm#enabling-the-one-time-password-in-the-web-ui_logging-in-to-ipa-in-the-web-ui-using-a-password
7.4. Configuring a RADIUS server for OTP validation in IdM
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/accessing_identity_management_services/logging-in-to-the-ipa-web-ui-using-one-time-passwords_accessing-idm-services#enabling-the-one-time-password-in-the-web-ui_logging-in-to-ipa-in-the-web-ui-using-a-password
-------------------------------------------------------------------
Recently we provided the CVE (https://access.redhat.com/security/cve/cve-2024-3596) in order to protect the RADIUS server against attack or prevent vulnerabilities on it; however, if a customer decides to use RADIUS/TLS or RADIUS/DTLS, it can break IdM authentication.
In this case we would recommend leaving the CVE aside and creating a dedicated tunnel from the IdM nodes to the RADIUS server, and therefore authorizing only the IdM machines to connect to the RADIUS server.
Cilmar Oliveira
- impacts account
- CS-2459 sha strings
- Closed