I'm running FreeIPA version 3.3.4. I've done a little research, and it
seems like this version is missing support for OTP, but I could have sworn
that I found a page that said that OTP was finished and ready to use. And
in the server installation logs, I found some references to 'ipa-otpd'.
I also remember reading about an otp plugin for FreeIPA, but it doesn't
seem to be installed on my server.
Our case is that we want to require OTP codes for SSH authentication. Even
for public key authentication, we would like to add a ForceCommand
directive to ssh config that would require the OTP code. It would be
awesome if that could be configured on a per-server basis in FreeIPA.
Is OTP production ready? I found the 'Red Hat Test Day' page where people
were testing OTP. If 3.3.4 doesn't support OTP, I'm happy to compile from
source. Where can I find the source / branch with the most current OTP
features? Will it be included in 4.0.0? Or should I checkout the 'otpui'
 branch on GitHub?
Very keen to start using the feature, and I'd be happy to help report and
fix any bugs. But at the same time, I don't want to compromise our security
if this feature hasn't been properly audited, so advice would be
Freeipa-users mailing list