Hi all,
I'm having problems with HOTP with hardware tokens. They are Yubkey Neos, but physical access to the server is not a viable solution.
I've configured keys and converted the hex to base 32. I've also generated HOTP via FreeIPA from the GUI and the CLI and converted those to hex and wrote those to the key. Both approaches have been tested and the generated OTPs appear to be valid.
The issue is that when HOTP is enabled OTP does not appear to work. I've tested via kinit with an armored request and no pre-auth prompt for the OTP is presented. However, when tested with TOTP a prompt does appear and works appropriately.
Perusing the list and web led me to a bug that was specific to expired passwords, which is not what I'm dealing with (AFAIK). I'm wondering if anyone else is seeing this issue - HOTP not working when TOTP does work.
Thanks, --Spencer
freeipa-users@lists.fedorahosted.org