06-12-2021 03:14 AM
What kind of 2nd factors do you want to use and where are your users located?
Note, that certain authentication mechanism will not work through RADIUS like WebAuthn, PUSH tokens in push mode...
However, HOTP, TOTP, Yubikeys (in OTP mode), SMS, Email... can technically work.
An important aspect is the enrollment process to get the 2nd factors to the users in a secure manner. You should put some thoughts into that.
LinOTP is rather cool but imho it is missing a dust off for a couple of years. You might want to take a look a the fork privacyIDEA, <disclaimer>which I started 7 years ago.</disclaimer> Also works well with paloalto and similar solutions.
It also allows you to automate processes - very interesting for the e.g. the enrollment, token replacement or whatever you can think of.
