Hello, The available authentication methods for the PAM Agent are documented on page Deploy the PAM Access Agent for Windows. The list includes LDAP+RADIUS and LDAP+RSA, which I would say qualify as MFA implementations. The statement "authenticates solely with LDAP" is false. It does not support SAML authentication, which I assume is what you are after. Please use the ideation page to submit enhancement requests.
Original Message:
Sent: Aug 06, 2024 02:12 AM
From: MTrucillo
Subject: About enabling MFA with PAM Agent
I am writing to discuss the feasibility of using PAM or, more specifically, PAM Agent with MFA. While I am well aware that integrating PAM with SAML allows the identity provider to authenticate using both a password and an additional factor (such as a token, an otp, etc...), there are cases where using PAM Agent, which authenticates solely with LDAP, is more straightforward. However, the question arises: Can we somehow implement MFA in this scenario? I believe that not having this capability would be a significant limitation for a product of this type.
Thanks in advance
Marco