[Freeipa-users] Require OTP on a single service or host

Hello, I've been trying to work out how to require OTP on a single service or host. I've set the OTP authentication indicator on a test host but so far the only way I've gotten OTP to work is by enabling it as an authentication type for my user, but when I do this, regular password based login no longer works on other hosts. Is there something I'm doing wrong or just not understanding about how this is supposed to work? As a supplemental question, how will this impact LDAP based login? Will password + OTP work with ldap clients? Thanks! John