From ab00dce3f50042062f7171c6a6ab5ea8f494790f Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Mon, 16 Dec 2013 16:19:08 -0500 Subject: Add OTP last token plugin This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. --- .../ipa-otp-lasttoken/otp-lasttoken-conf.ldif | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 daemons/ipa-slapi-plugins/ipa-otp-lasttoken/otp-lasttoken-conf.ldif (limited to 'daemons/ipa-slapi-plugins/ipa-otp-lasttoken/otp-lasttoken-conf.ldif') diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/otp-lasttoken-conf.ldif b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/otp-lasttoken-conf.ldif new file mode 100644 index 000000000..767883848 --- /dev/null +++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/otp-lasttoken-conf.ldif @@ -0,0 +1,15 @@ +dn: cn=IPA OTP Last Token,cn=plugins,cn=config +changetype: add +objectclass: top +objectclass: nsSlapdPlugin +objectclass: extensibleObject +cn: IPA OTP Last Token +nsslapd-pluginpath: libipa_otp_lasttoken +nsslapd-plugininitfunc: ipa_otp_lasttoken_init +nsslapd-plugintype: preoperation +nsslapd-pluginenabled: on +nsslapd-pluginid: ipa-otp-lasttoken +nsslapd-pluginversion: 1.0 +nsslapd-pluginvendor: Red Hat, Inc. +nsslapd-plugindescription: IPA OTP Last Token plugin +nsslapd-plugin-depends-on-type: database -- cgit