Unix MFA Quick and Dirty Instructions


It’s impossible to untangle all the different permutations of how this works on Unixes, but here are a few hints for the motivated user.  These were tried successfully on MacOS (from the command line; for a GUI, use OTP Manager from the App Store, which is MUCH easier to configure) and CentOS 7.

  • Install oath-toolkit.  For CentOS / Red Hat systems it’s in EPEL, so you will need to have that repository added.  For MacOS you can use Homebrew and run brew install oath-toolkit.  This part does the work of calculating the OTP value.
  • For convenience, add a script like this (we called it /usr/local/bin/otp).  It is a wrapper around oath-toolkit that makes it easier to use.  In the script, double check that the path to oathtool is correct (it is /usr/local/bin on Mac, /usr/bin on CentOS).  Don’t try to cut and paste this script: it depends on careful formatting of quotation marks, and OSes try to “help” by turning them into the pretty-print kind.  If you get an error in the sed line then you are probably having this problem.  We suggest downloading it directly to your machine: download otp

hopkins=SECRETCODEHERE

  • You can then run the command “otp hopkins” from the command line to get your OTP code.  If you use more services that use OATH OTP codes (Google, Slack, etc.) you can put them in here as well.
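
A sketch of such a wrapper, added here as an example; it is not the otp script offered for download above. It assumes the name=SECRET lines live in ~/.otpkeys (a hypothetical path), that the secrets are base32, and the variable names OTP_KEYS and OATHTOOL are made up for the example. The refusal to use a key file that other users can read is also an addition.

```shell
#!/bin/sh
# Added example, not the original "otp" download.
# Assumed layout: one "name=BASE32SECRET" per line in ~/.otpkeys
# (hypothetical path; set OTP_KEYS to override).
OTP_KEYS="${OTP_KEYS:-$HOME/.otpkeys}"
# Per the page, oathtool is in /usr/local/bin on Mac and /usr/bin on CentOS.
OATHTOOL="${OATHTOOL:-oathtool}"

# Succeed only if the key file exists and group/other have no access to it.
otp_keys_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;   # e.g. -rw-------
        *) return 1 ;;
    esac
}

# Print the secret stored under a service name; fail if invalid or absent.
otp_secret() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;   # keep sed metacharacters out of the pattern
    esac
    secret=$(sed -n "s/^$1=//p" "$OTP_KEYS" | head -n 1 | tr -d ' \r')
    [ -n "$secret" ] && printf '%s\n' "$secret"
}

# Look up the named secret and hand it to oathtool for the current TOTP code.
otp() {
    otp_keys_private "$OTP_KEYS" || {
        echo "otp: $OTP_KEYS is missing or readable by others (chmod 600 it)" >&2
        return 1
    }
    key=$(otp_secret "$1") || { echo "otp: no entry named '$1'" >&2; return 1; }
    # The secret is passed as an argument, so it is briefly visible in ps output.
    "$OATHTOOL" --totp -b "$key"
}

if [ "$#" -gt 0 ]; then otp "$1"; fi
```
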
