2016-02-06 19:23:59 +00:00
|
|
|
# Uses google authenticator library as PAM module using a single folder for all users tokens
|
2016-02-06 20:20:34 +00:00
|
|
|
# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
|
2019-01-22 10:39:54 +00:00
|
|
|
# See https://github.com/google/google-authenticator-libpam#usersome-user
|
2016-02-07 02:48:44 +00:00
|
|
|
auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root
|
|
|
|
|
|
|
|
# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so)
|
|
|
|
account sufficient pam_permit.so
|