Hello,
Is there a way to have multiple tokens (sets of shared secrets and counter values/timestamps in /etc/users.oath) for a single account in pam_oath? I have a couple of Yubikeys, a Nano which I keep in my home laptop and a normal one which is on my keyring for travelling. I'd love to be able to use either token to authenticate myself in a robust way (i.e. not just set the "window" parameter to be a really large number like 50). Is this possible? I figure it might be do-able by chaining together a couple of users.oath files in successive PAM modules, but that seems a bit ugly.
Cheers!
-- Tim
|