Hi all,
I'm having problems with HOTP with hardware tokens. They are YubiKey
Neos, but physical access to the server is not a viable solution.
I've configured keys and converted the hex to base 32. I've also
generated HOTP via FreeIPA from the GUI and the CLI and converted
those to hex and wrote those to the key. Both approaches have been
tested and the generated OTPs appear to be valid.
The issue is that when HOTP is enabled, OTP does not appear to work.
I've tested via kinit with an armored request and no pre-auth prompt
for the OTP is presented. However, when tested with TOTP a prompt does
appear and works appropriately.
Perusing the list and web led me to a bug that was specific to expired
passwords, which is not what I'm dealing with (AFAIK). I'm wondering
if anyone else is seeing this issue - HOTP not working when TOTP does
work.
Thanks,
--Spencer
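
One way to cross-check the hex/base32 conversion and the token's HOTP values offline, as described in the message above. This is an added example, not part of the original post and not FreeIPA or Yubico code; the secret is the published RFC 4226 test key, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def hex_to_base32(hex_secret: str) -> str:
    """Hex secret (as programmed into the token) -> base32 (as shown by the server)."""
    return base64.b32encode(bytes.fromhex(hex_secret.strip())).decode("ascii")


def base32_to_hex(b32_secret: str) -> str:
    """Base32 secret -> hex, tolerating lowercase input and missing '=' padding."""
    s = b32_secret.strip().upper()
    return base64.b32decode(s + "=" * (-len(s) % 8)).hex()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def find_counter(secret: bytes, observed: str, start: int = 0, window: int = 20):
    """Return the counter in [start, start+window) that yields the observed code, else None.

    A None result means either the secret conversion is wrong or the token's
    counter has drifted beyond the window the verifier would accept.
    """
    for counter in range(start, start + window):
        if hmac.compare_digest(hotp(secret, counter), observed):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample: RFC 4226 Appendix D test secret, not a real token key.
    hex_secret = "3132333435363738393031323334353637383930"
    b32 = hex_to_base32(hex_secret)
    print("base32:", b32)
    print("round-trip ok:", base32_to_hex(b32) == hex_secret)
    secret = bytes.fromhex(hex_secret)
    print("first codes:", [hotp(secret, c) for c in range(3)])
    print("code 969429 is at counter:", find_counter(secret, "969429"))
```
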