google / google-authenticator-libpam

Apache License 2.0

Change password length #165

Closed seven110 closed 4 years ago

seven110 commented 4 years ago

Currently the password is fixed to 8 characters and then the verification code, i.e. abcdefg123456. If the system is using more than 8 characters, then unexpected results will happen based on the password used. See this line: `const int expected_len = mode & 1 ? 8 : 6;` (line 1950 in pam_google_authenticator.c). It would be great to be able to use passwords over 8 characters long. How about being able to specify the password length through a variable passed via the PAM config?

ThomasHabets commented 4 years ago

That 6 and 8 is the length of the OTP, depending on if it's a generated OTP (6 digits) or a backup code (8 digits), not the password.

There is no restriction on the length of the password part of a concatenated password+OTP. It can be less than, equal to, or longer than 8 characters.
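
The split described in the reply above, as an added example that is not part of the thread and not code from pam_google_authenticator.c: a fixed-length numeric code is peeled off the end of the input, and everything before it is the password. The function names and sample inputs are constructed, and treating the low bit of `mode` as the backup-code selector is an assumption read off the quoted expression.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from pam_google_authenticator.c.
 * Splits "password || code" by taking a fixed-length numeric code from the
 * END of the input. Only the code length is fixed; the prefix is unbounded.
 * Returns 0 on success, -1 if no trailing code of that length is present. */
static int split_trailing_code(const char *input, int mode,
                               size_t *password_len, const char **code) {
  /* Same expression as quoted in the issue: 8 or 6 trailing digits. */
  const int expected_len = mode & 1 ? 8 : 6;
  const size_t len = strlen(input);

  if (len < (size_t)expected_len) {
    return -1; /* too short to contain a code at all */
  }
  const char *tail = input + (len - (size_t)expected_len);
  for (int i = 0; i < expected_len; i++) {
    if (!isdigit((unsigned char)tail[i])) {
      return -1; /* the tail is not a numeric code */
    }
  }
  *password_len = len - (size_t)expected_len; /* 0, 3, 8, 25, ... all valid */
  *code = tail;
  return 0;
}

/* Convenience wrapper: length of the password part, or -1 if no code. */
static long password_part_len(const char *input, int mode) {
  size_t n;
  const char *code;
  return split_trailing_code(input, mode, &n, &code) == 0 ? (long)n : -1;
}

int main(void) {
  /* Constructed sample inputs: password parts of 3, 8 and 25 characters. */
  const char *samples[] = {"abc123456", "abcdefgh123456",
                           "correct horse battery sta654321"};
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    printf("password part: %ld characters\n", password_part_len(samples[i], 0));
  }
  return 0;
}
```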