On to, 22 maalis 2018, Sean Hogan via FreeIPA-users wrote:
Hello,
We are implementing OTP for a new deployment and we can log in with the otp codes however when trying to sudo it fails. We would like to use the 2fa to log in but single factor is ok for sudo escalation. Is OTP supposed to be getting involved when issuing sudo commands?
Yes, it should work.
Look at SSSD troubleshooting guide to produce SSSD logs when sudo tries PAM authentication. https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html