> We are using Okta's RADIUS service for 2fa to network gear currently, 
> but looking to switch to tacacs+ for many reasons. Would prefer to 
> implement tacacs+ with two-factor if possible.

tac_plus-ng from https://www.pro-bono-publico.de/projects/tac_plus-ng.html has 
LDAP and PAM backends, among others, so I believe you can implement 2FA through 
them. I haven't implemented this yet but it's on my to-do list (and I'm also 
warily watching passkey developments and wondering how much effort I should put 
into something that likely won't be best practice in another year or two).

I see Marc Huber is also promoting/supporting tacacs+ extension for SSH public 
key auth


Reply via email to