On 2/3/2018 3:10 PM, John Ratliff via FreeIPA-users wrote:
> I'm trying to set up FreeIPA with OTP. I created a TOTP under my user in FreeIPA and updated my user to use 2FA (password + OTP).
> When I try to do sudo, it only asks for my password and it fails every time (presumably because it isn't getting the OTP first).
> I didn't see anything useful in the sss_sudo logs, even after adding debug_level = 6 in the config.
> What can I do to further troubleshoot this?
Okay, so the problem wasn't that it wasn't working; it's that I didn't understand the prompts. Debian only prompts for password, but wants password + OTP on the same field. CentOS prompts for First Factor / Second Factor.
Is there any way I can make it so that on Debian clients it asks for the factors separately as well?
Thanks.