FreeIPA Two Factor Authentication test day

Adam Williamson awilliam at
Mon Jun 3 22:28:53 UTC 2013

Forwarding for the FreeIPA Team:

The FreeIPA team is happy to welcome you to a Fedora Test Day that is
being held on Thursday, June 6th.

We invite you to take part in testing of the new OTP authentication
feature that will become available in upcoming FreeIPA 3.2 upstream
release and will be a part of Fedora 19. The feature is based on the new
extended capabilities of the MIT Kerberos [1] and 389 directory server [2].

The feature would allow users to authenticate against FreeIPA and
acquire Kerberos tickets using either OTP tokens issued by 3rd party
vendors or by FreeIPA server itself.

In the case the token is provided by a 3rd party vendor like RSA, VASCO,
Yubico, etc. the authentication data is forwarded to the external
authentication server over RADIUS protocol. In this scenario user input
is supposed to consist of the two factors as prescribed by the vendor
and will be handled by the external server. In case the OTP token is
issued by FreeIPA itself the user can authenticate using two factors one
of which is his Kerberos password and another one is a token issued for
him. A token can be provisioned to his mobile device and used via Google
authenticator app.

This is an initial phase of the first ever integrated two factor
authentication solution leveraging Kerberos SSO. When complete, users
will be able to authenticate using different authentication methods and
acquire tickets that will allow them to access different services
within the enterprise depending on the strength of their authentication.

More detailed information about the feature can be found here:

To read more about the test day and suggested tests see the following

Thank you for your help and participation!

FreeIPA team

test-announce mailing list
test-announce at

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list