I am using SSSD in LDAP-only mode (no kerberos at all), communicating with FreeIPA. For certain hosts, I want to require sssd to demand OTP.
Right now, they are allowing password OR password+OTP. But my 'ipa show-host' output for the hosts in question have "Authentication Indicators: otp". What do I need to do for sssd to only accept password+OTP ?
Thank you.