Hi al,

OTP using IPA 4.5 on CentOS seems to work well. However: I can force a user to use OTP and/or a host.

Selecting a user, ALL authentication needs OTP. Since sudo in this case will ask for OTP also, this turn out quite inconvenient. Is is possible to select only certain services for OTP. for example:

login using SSH --> OTP
login ftp --> OTP
console --> password only
sudo  --> password only

Winfried