From 10dd404159e067a2ce60a869ddfa566c18feb121 Mon Sep 17 00:00:00 2001
From: Fabio Napoleoni <f.napoleoni@gmail.com>
Date: Sun, 7 Feb 2016 03:48:44 +0100
Subject: [PATCH] Fixes pam authentication when dealing with virtual users

---
 otp/openvpn | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/otp/openvpn b/otp/openvpn
index aa8cd0a..5179efc 100644
--- a/otp/openvpn
+++ b/otp/openvpn
@@ -1,4 +1,7 @@
 # Uses google authenticator library as PAM module using a single folder for all users tokens
 # User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
 # See https://github.com/google/google-authenticator/tree/master/libpam#secretpathtosecretfile--usersome-user
-auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root
\ No newline at end of file
+auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root
+
+# Accept any user since we're dealing with virtual users there's no need to have a system account (pam_unix.so)
+account sufficient pam_permit.so