2015-05-19 0:57 GMT+08:00 David Woodhouse <dwmw2 at infradead.org>: > On Mon, 2015-05-18 at 18:52 +0200, Nikos Mavrogiannopoulos wrote: >> >> Hi, >> I would be surprised if you couldn't use the PAM backend to require two >> passwords, a static and TOTP. If you can make your login in your system >> to ask 2FA then you can do ocserv as well (for HOTP/TOTP at least, U2F >> is another story). > > Isn't there a Google-authenticator PAM module? > > -- dwmw2 Google authenticator pam module has strong limitation: it requires real unix account. For a large organization, ocserv pam auth backend can be used to intergrate with ldap, radius, kerberos etc.
