To setup a multiple factor authentication server, this freeipa is open source solution. And with FreeOTP+ app to second factor:
ipa-server-install
ipa-server-install --setup-dns
You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
UDP Ports:
* 88, 464: kerberos
* 123: ntp
client side, first you should set up the dns or hosts file, and then execute the command as below:
yum install freeipa-client
ipa-client-install --mkhomedir