Boris Epstein wrote: > Thanks. It makes sense to be able to select login methods under some > circumstances - but do I have an option of forcing the user to log in using > a predetermined set of methods (for instance, password and then a secure > key, or password and Yubkey, or password and SSL key)?
If you want to require two methods, you have to specify a combined method, with an appropriate utility in /usr/libexec/auth. This is tricky because the API only allows for one challenge/response, not a series of them. (Unless I'm mistaken.)
