container-openvpn/otp/openvpn

# Uses google authenticator library as PAM module using a single folder for all users tokens
# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
# See https://github.com/google/google-authenticator/tree/master/libpam#secretpathtosecretfile--usersome-user
auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root

# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so)
account sufficient pam_permit.so
Server side configuration for OTP 2016-02-06 19:23:59 +00:00			`# Uses google authenticator library as PAM module using a single folder for all users tokens`
Fixed configuration for pam module to allow login of non existing user accounts, i.e. VPN only users. 2016-02-06 20:20:34 +00:00			`# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users`
			`# See https://github.com/google/google-authenticator/tree/master/libpam#secretpathtosecretfile--usersome-user`
Fixes pam authentication when dealing with virtual users 2016-02-07 02:48:44 +00:00			`auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root`

			`# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so)`
			`account sufficient pam_permit.so`