client: enable ChallengeResponseAuthentication in sshd_config

In order to enable SSSD smart prompting and allow it to ask for 1FA and 2FA separately, ChallengeResponseAuthentication should be set to yes. This change will enable better processing of the 2FA value and it will also enable other features, like allow SSSD to make the 2FA option in some cases and have a way of informing user that 2FA is optional. https://fedorahosted.org/freeipa/ticket/5703 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2016-03-10 19:01:33 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2016-03-18 09:21:58 +0100
commit: 04d4519ed545df6ca156cbccaab059cfc3338bf6 (patch)
tree: f7f7f92624b6587275720bdbd8cabb266b857d41 /client
parent: d6f03da7535565daa936b79c445b835410333974 (diff)
download: freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.gz
freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.xz
freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/client/ipa-client-install b/client/ipa-client-install
index f42d87755..82e5c4cb0 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -1399,6 +1399,7 @@ def configure_sshd_config(fstore, options):
         'KerberosAuthentication': 'no',
         'GSSAPIAuthentication': 'yes',
         'UsePAM': 'yes',
+        'ChallengeResponseAuthentication': 'yes',
     }
 
     if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS):
author	Martin Basti <mbasti@redhat.com>	2016-03-10 19:01:33 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2016-03-18 09:21:58 +0100
commit	04d4519ed545df6ca156cbccaab059cfc3338bf6 (patch)
tree	f7f7f92624b6587275720bdbd8cabb266b857d41 /client
parent	d6f03da7535565daa936b79c445b835410333974 (diff)
download	freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.gz freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.xz freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.zip