Setup Linux Client machine

Last time I checked, it worked.

I would usually modify the password-auth which is called in auth substack password-auth.
Create a privacyidea-auth. In this I would add after or replace the line

auth sufficient try_first_pass

with a call to privacyIDEA.

THen you can replace the auth substack with the privacyidea-auth call and check for other services like “login”.
Check the log file of pam/auth.
Go small steps, one after the other.

If you are fed up, use RADIUS and pam_radius.