Google Authenticator surely is a cute thing. But my current solution isn’t really matching my taste: one token for every app which makes up a total of 20 token for my daily use – about 19 token too much if you’d ask me.
A solution could be a Radius server, having all the users authenticated using a PAM Module – or something completely different. I cancelled the Radius Server as I couldn’t get it to play nice with my LDAP Directory. So I had to search on.
During my research I stumbled over OpenOTP which is great solution for authentication using Tokens and LDAP – free for less than 30 users. In the end, I am authenticating all of my wordpress installs using Tokens and my central LDAP Server.
Due to matching PAM Modules even the SSHd now plays nicely with OpenOTP and I was able to drop all of the tokens except for two.