how to make ocserv do totp 2FA?
Wang Jian
larkwang at gmail.com
Mon May 18 10:44:13 PDT 2015
2015-05-19 0:57 GMT+08:00 David Woodhouse <dwmw2 at infradead.org>:
> On Mon, 2015-05-18 at 18:52 +0200, Nikos Mavrogiannopoulos wrote:
>>
>> Hi,
>> I would be surprised if you couldn't use the PAM backend to require two
>> passwords, a static and TOTP. If you can make your login in your system
>> to ask 2FA then you can do ocserv as well (for HOTP/TOTP at least, U2F
>> is another story).
>
> Isn't there a Google-authenticator PAM module?
>
> -- dwmw2
Google authenticator pam module has strong limitation: it requires
real unix account.
For a large organization, ocserv pam auth backend can be used to intergrate with
ldap, radius, kerberos etc.
More information about the openconnect-devel
mailing list