The OTP authentication service module for PAM, pam_otp, provides functionality for only PAM authentication. Users are optionally sent a challenge and then authenticated via the OTP database.
Enable logging output with username and challenge response.
Users set to a status of inactive will return PAM_SUCCESS when the allow_inactive option is set. The default behavior for inactive users is to return PAM_AUTH_ERR.
The HOTP challenge will include the current count for the user when the display_count option is set. The default behavior will not display the count unless the user record flags field has OTP_USER_FLAGS_DSPCNT set.
A user not in the OTP database will be denied access with the require_db_entry option is set. By default users not in the OTP database are permitted.
alternate_otpdb is used as the OTP database.