On 2/3/2018 3:10 PM, John Ratliff via FreeIPA-users wrote:
I'm trying to setup freeipa with OTP. I created a TOTP under my
freeipa and updated my user to use 2FA (password + OTP).
When I try to do sudo, it only asks for my password and it fails every
time (presumably because it isn't getting the OTP first).
I didn't see anything useful in the sss_sudo logs, even after adding
debug_level = 6 in the config.
What can I do to further troubleshoot this?
Okay, so the problem wasn't that it wasn't working; it's that I didn't
understand the prompts. Debian only prompts for password, but wants
password + OTP on the same field. CentOS prompts for First Factor /
Is there any way I can make it so that on Debian clients it asks for the
factors separately as well?