Hi All,
Currently we use a kerberos based FreeIPA to authenticate Cyrus users using SASL to workstations and iphones, and username passwords for Android clients.
We're moving towards a MFA approach using Smartcard/Yubikey solution using either FIDO2 or certs.
This leaves the Android infrastructure in a hole a they can't do kerberos. Our preference isn't to block android clients however it's looking like that's will be the result as they just don't fit.
Any thoughts are appreciated, we're not dropping kerberos/freeipa as it works really well for us at the moment.
Kind Regards
