#Combining security login authmethods: cert and domain

A customer using Harvest is trying to combine domain and cert authmethod. It doesn't look like it's possible according to https://community.netapp.com/t5/ONTAP-Discussions/Using-special-character-in-common-name-for-SSL-Certificate/m-p/101439
That community post is from 2015, is it still the case that these two authmethods can not be combined?

no. And you can easily check this on the CLI: as soon as you select -authentication-method domain, the list of possible second factors for -second-authentication-method (shown by pressing ? ) contains only none.

With ONTAP 9.13.1 you can use publickey as the second factor together with domain as the primary factor. Not possible with cert though.

@dense nimbus strange, I ran that command on 9.13.1 and it didn't show publickey as available method 🤔

https://docs.netapp.com/us-en/ontap/authentication/grant-access-active-directory-users-groups-task.html

seems like it's hidden but ONTAP accepts it if you type it manually:

cl1::*> security login create -vserver cl1 -authentication-method domain -second-authentication-method publickey -?
   [-user-or-group-name] <text>              User Name or Group Name
   [-application] <text>                     Application
  [ -remote-switch-ipaddress <IP Address> ]  Remote Switch IP Address
  [[-role] <text>]                           Role Name (default: admin)
  [ -comment <text (size 0..128)> ]          Comment Text
  [ -is-ns-switch-group {yes|no} ]           Whether Ns-switch Group (default: no)
  [ -is-ldap-fastbind {yes|no} ]             LDAP Fastbind Authentication