John Ratliff via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
> Okay, so the problem wasn't that it wasn't working; it's that I didn't understand the prompts. Debian only prompts for password, but wants password + OTP on the same field. CentOS prompts for First Factor / Second Factor.
> Is there any way I can make it so that on Debian clients it asks for the factors separately as well?
Can you please look at /etc/pam.d? Debian uses pam_unix to get the password+OTP, CentOS/Fedora use pam_sss for non-local users. I've added the following to /usr/share/pam-configs and use that instead of pam_unix and pam_sss.
Jochen