Hello,
Is there a way to have multiple tokens (sets of shared secrets and
counter values/timestamps in /etc/users.oath) for a single account in
pam_oath? I have a couple of Yubikeys, a Nano which I keep in my home
laptop and a normal one which is on my keyring for travelling. I'd
love
to be able to use either token to authenticate myself in a robust way
(i.e. not just set the "window" parameter to be a really large number
like 50). Is this possible? I figure it might be do-able by chaining
together a couple of users.oath files in successive PAM modules, but
that
seems a bit ugly.
Cheers!
-- Tim