Support of Two Factor auth in absence of OIDC

I’m trying to configure our OOD instance to use the same two factor authentication service (LinOTP + Radius + SSH/PAM) that our users use for SSH’ing into our cluster. We do not have a fully functional OIDC setup so I cannot use something like Keycloak as suggested in the documentation. Instead I’m trying to get it working using mod_intercept_form_submit + mod_authnz_pam (

Anyone with experience trying similar options with their OOD installation ? Please let me know we can share notes.


Maybe @tdockendorf can shed some light on this request?

Sorry, I have no experience with mod_intercept_form. If the authentication can be performed via SSSD based logins via SSH and the OTP step can be setup to autopush or require no input from the user, there is the possibility of using Keycloak’s SSSD integration.