Not sure if it's what you're looking for, but I developed a bash script to auto-generate tokens daily for all users not in my service-accounts group if they did not exist. It then emails a QR code to the user and a notification email to the management email.  This may not be the best way to do it, but it works for us.


On Thu, Mar 11, 2021 at 8:39 AM dd4321 Dey via FreeIPA-users <> wrote:

Is it possible to add/generate OTP token without using IPA user interface ? Due to security reasons, i don't want to give access to IPA web interface to users. Recently, i have configured password manager which integrates OpenLDAP/IPA server. So each user can change their password using password manager eliminating needs for accessing IPA web UI. In the same way, is it possible to do the same i.e generating OTP token using any third party application ?


FreeIPA-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam on the list, report it: