Cannot log in as an IPA user after enabling 2FA (Password + OTP) in IPA
Issue
- Unable to log in as an IPA user after enabling 2FA (Password + OTP) in IPA.
- If both 2FA (Password + OTP) and Password authentication are enabled for an IPA user, login fails with:
[root@rhel7-ipa-1 ~]# ipa user-show otpuser
User login: otpuser
First name: otp
Last name: user
Home directory: /home/otpuser
Login shell: /bin/sh
Principal name: otpuser@GSSLAB.PNQ2.REDHAT.COM
Principal alias: otpuser@GSSLAB.PNQ2.REDHAT.COM
Email address: otpuser@gsslab.pnq2.redhat.com
UID: 849600010
GID: 849600010
User authentication types: password, otp <----------
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True
[root@rhel7-ipa-1 ~]# ssh otpuser@localhost
otpuser@localhost's password: <------------- password + otp
Permission denied, please try again.
Environment
- Red Hat Enterprise Linux (RHEL) 7.1 or later
- sssd-1.15.2-50