Create a PAM module that enforce GitLab 2FA over GIT SSH
Problem
There's customer demand to add support for 2FA over the command (for example https://fortinet.com), including 2FA support on command line for SSH. We should prioritize self-managed.
Proposal
Create a GitLab Pluggable Authentication Module (PAM) to enforce GitLab 2FA behaviour, this module should exchange info with GitLab API about the user and if the user is using 2FA should ask for the token and exchange with the GitLab API for validation
Questions
PAM are usually delivered as .SO (Dynamic Library Objects), and the are usually developed on C/C++ or Python, we can check what are the options nowadays maybe Golang is now even an option
Spike: sarcila/gitlab-shell!1
Edited by Sebastián Arcila Valenzuela