Support 2FA for static users in ocpasswd
Description of problem:
I would like to get opinions on supporting 2FA more cleanly with ocpasswd.
Opening this issue to get some feedback on feature support requirements, etc. I'm fine with writing it.
Version of ocserv used:
1.2.4
Client used:
Openconnect 9.12
Distributor of ocserv
OpenWRT
How reproducible:
Attempt to configure user with ocpasswd and TOTP
Actual results:
TOTP not supported for ocpasswd.
Expected results:
User should be able to get TOTP key for RFC6238-based TOTP. Clock skew should be configurable.
User should be prompted for OTP after password similar to traditional RADIUS-based OTP auth.