support optional TOTP for authentication (try 2) #27
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It requires a pam_oath in a version that implements the no_usersfile_okay argument. Provisionally using 2.6.12 as a version, the patch is not yet merged upstream, but this would be the next upstream version. Patch:
https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/42
pam_oath should be enabled in the cockpit pam config by appending:
auth [user_unknown=ignore success=ok] pam_oath.so usersfile=${HOME}/.pam_oath_usersfile no_usersfile_okay window=20 digits=6
(cherry picked from commit 09b06fd) Thus restored it, and reverts commit 44ce519.