[Freeipa-users] OTP vs password?

[Janelle]

Hello all...

Seeing something very strange. With OTP enabled for all users - here is 
the configuration:

Some hosts fully "enrolled" with IPA, and some are simply configured 
with authconfig to use LDAP backend for authentication.

RANDOMLY   <---- Keyword here -- all systems use SSSD regardless of the 
authentication method. A user will be able to login with password+token, 
but the random part - sometimes JUST the password. Is this possible due 
to some odd caching issues with SSSD perhaps or ??? How might I research 
this? is there anything to look for in configs or logs?

thank you
~J