• Introduction
• Audience
• Scope
• Theory of operation
• Technical terms and details
• OTP
• TOTP
• PAM
• google-authenticator-libpam
• PAM module processing
• forward_pass / use_first_pass options
• Data flow
• Process overview
• CentOS 8 example
• Example pre-requisites
• Normal CentOS 8 PAM stack for xrdp-sesman
• 2FA CentOS 8 PAM stack for xrdp-sesman
• Implementing the low-level PAM changes
• Changes to gdm-password-ga
• Changes to password-auth-ga
• Install software
• Decide on the Google authenticator options to use
• Configuring users
• Check the system time is synchronised
• Changes to xrdp-sesman
• Making sesman aware of the changes
• Testing
• Backing out
• Appendix - Enterprise environment considerations
• NFS home directories
• Mixing 2FA and non-2FA users
• Secret file options
• Appendix - Google authenticator options