Extending LDP timeouts for 2fa users
Adam Bishop
Adam.Bishop at jisc.ac.uk
Tue Feb 18 06:16:25 EST 2020
We have 2fa implemented at the LDAP level. When a user authenticates with a token, an attribute is added to the user's entry (ipaUserAuthType=otp).
Can I change the user timeout based on the presence of this LDAP attribute? i.e., if a user has authenticated with a token, give them an idle timeout of 2 hours, lifetime of 1 day instead of our default 30 minutes/2 hours.
Adam Bishop
Senior security architect (systems)
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
t: +44 (0)1235 822 245
xmpp: adamb at jabber.dev.ja.net
jisc.ac.uk