Another far to early a day and we were over hacking on two factor auth again over at the Red Hat tower. (On the 13th floor this time!).
We got things further deployed in staging, got the config all puppeted, got the provisioning (thanks to totpcgi) setup and working. Got some ssl cert CA and bundle issues worked through (pam_url verifies it’s connection to the cgi, and the cgi also verifies that pam_url has a valid client cert).
Ran into an issue where 32bit machines were sending the incorrect username. It was just garbage. ;(
Some great community effort and we managed to track down the bug in the pam_url module c code, then fixed up some cert issues (the server wasn’t able to use a server cert to auth against itself).
Everything seems now to be working in staging, and we will push it out live friday most likely.