--On Thursday, February 1, 2024 10:55 AM +0100 Bastian Tweddell <b.twedd...@fz-juelich.de> wrote:
Our setup is to use TOTP as 2FA for ssh logins against the centralized LDAP infrstructure. The ssh-login 1FA is ssh pubkey (also in LDAP) and 2FA is TOTP. To achieve this we use a PAM module which does an ldapbind against the user-DN which has the userPassword schema '{TOTP1}'. Maybe I wrong or outdated here and slapo-opt also supports TOTP-only authentication now?
Ok, makes sense. Yeah, OTP does not support that scenario at this time. --Quanah