diff options
author | Martin Basti <mbasti@redhat.com> | 2016-03-10 19:01:33 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-03-18 09:21:58 +0100 |
commit | 04d4519ed545df6ca156cbccaab059cfc3338bf6 (patch) | |
tree | f7f7f92624b6587275720bdbd8cabb266b857d41 /client | |
parent | d6f03da7535565daa936b79c445b835410333974 (diff) | |
download | freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.gz freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.tar.xz freeipa-04d4519ed545df6ca156cbccaab059cfc3338bf6.zip |
client: enable ChallengeResponseAuthentication in sshd_config
In order to enable SSSD smart prompting and allow it to ask for 1FA and
2FA separately, ChallengeResponseAuthentication should be set to yes.
This change will enable better processing of the 2FA value and it will
also enable other features, like allow SSSD to make the 2FA option in
some cases and have a way of informing user that 2FA is optional.
https://fedorahosted.org/freeipa/ticket/5703
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'client')
-rwxr-xr-x | client/ipa-client-install | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/client/ipa-client-install b/client/ipa-client-install index f42d87755..82e5c4cb0 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -1399,6 +1399,7 @@ def configure_sshd_config(fstore, options): 'KerberosAuthentication': 'no', 'GSSAPIAuthentication': 'yes', 'UsePAM': 'yes', + 'ChallengeResponseAuthentication': 'yes', } if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS): |