Two-factor authentication adds extra security by making it harder for someone else to log in to your account, especially if they steal your password.
When you enable two-step authentication, when someone attempts to log in to your account with your password, Rostam will also ask for a verification code from an authentication application for proof that it’s really you.
All LSU services are required to enroll in multi-factor authentication. To comply with the enrollment, Rostam cluster enables the two-step authentication by default. It is your responsiblity to setup your OTP properly.
The best way to in enable 2FA is to use your smart phone and install a third-party code generator app. You can also install some of these apps on your desktop.
Before you get started, download one of the following authentication applications.
The follow these steps to set up two-step authentication on Rostam:
You may be requiret to re-new your password it it is your first login.
kinit, In order to interact with underlying Identity Management system (IdM) in Rostam you should have a valid Kerberos ticket.[user@rostam0 ~]$ kinit
Password for user@ROSTAM.CCT.LSU.EDU:
[user@rostam0 ~]$
klist utility to display the cached TGT.[user@rostam0 ~]$ klist
Ticket cache: KCM:868800001:39355
Default principal: user@ROSTAM.CCT.LSU.EDU
Valid starting Expires Service principal
03/02/2020 20:46:43 03/03/2020 20:46:39 krbtgt/ROSTAM.CCT.LSU.EDU@ROSTAM.CCT.LSU.EDU
ipa otptoken-add[user@rostam0 ~]$ ipa otptoken-add
------------------
Added OTP token ""
------------------
Unique ID: 9c028253-5d55-4b23-8d1a-131bdc78e3fa
Type: TOTP
Owner: user
Manager: user
Algorithm: sha1
Digits: 6
Clock interval: 30
URI: otpauth://totp/user@ROSTAM.CCT.LSU.EDU:9c028253-5d55-4b23-8d1a ...
You may see this warning:
ipa: WARNING: QR code width is greater than that of the output tty. Please resize your terminal.In that case do exactly what it says.