Add auth_level functionality

[BlackLotus]

A simple addition to authentication functionality.
An optional min_auth_level to check if multi factor authentication is used

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.02%. Comparing base (956b4fb) to head (b50f892).
Report is 39 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #84      +/-   ##
==========================================
+ Coverage   70.10%   71.02%   +0.91%     
==========================================
  Files           6        6              
  Lines         281      283       +2     
  Branches       45       44       -1     
==========================================
+ Hits          197      201       +4     
+ Misses         73       71       -2     
  Partials       11       11              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[baszoetekouw]

Thanks for the PR! In principle this looks good; I'll test it and merge is if everything checks out.

Could you maybe tell me a bit about how you're using pam-weblogin? We've developed the server/weblogin-daemon part mainly for testing (we have a separate implementation as part of a larger system in https://github.com/SURFscz/SBS), so I'm curious if you're using this in production. If so, it might be worthwhile to add unittests etc for the weblogin-daemon etc.

[BlackLotus]

We are looking into using it in production, but we don't do so right now. Right now we are experimenting on our test cluster and we are looking for a simple solution that can manage MFA and ssh key handling since our IDM offers MFA, but no ssh key handling.