OTP provides a second proof of identity when logging in to Oracle Solaris. The use of a second proof of identity is called two-factor authentication (2FA). The system first prompts you for your UNIX password, then for the OTP from your mobile authenticator app. After the system verifies these two authentications, it logs you in. For more information, see About Two-Factor Authentication.
OTP in Oracle Solaris conforms to the specifications for HMAC-based and time-based OTPs in HOTP: An HMAC-Based One-Time Password Algorithm, RFC 4226 and TOTP: Time-Based One-Time Password Algorithm, RFC 6238, so it should be able to work with any authenticator that conforms to these specifications.
Oracle Solaris delivers OTP in the system/security/otp IPS package. The solaris-small-server, solaris-large-server, and solaris-desktop groups deliver this package, which contains the following items:
OTP PAM module – pam_otp_auth implements OTP. When pam_otp_auth is a module in a login PAM stack, users must provide an OTP. For more information, see the pam_otp_auth(7) man page.
OTP administrative command – otpadm is the command you use to configure OTP authentication for users. Users can manage their own keys with this command. For more information, see the otpadm(8) man page.
To assign OTP to individual users, administrators use the -K pam_policy=otp option to the useradd or usermod command. For the procedures, see Configuring and Using OTP in Oracle Solaris.