plain auth: support OTP authentication using usersfile

That adds a dependency on liboath.

doc/sample.config

@@ -12,12 +12,14 @@
 #  This enabled PAM authentication of the user. The gid-min option is used 
 # by auto-select-group option, in order to select the minimum valid group ID.
 #
-# plain[passwd=/etc/ocserv/ocpasswd]
+# plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp]
 #  The plain option requires specifying a password file which contains
 # entries of the following format.
 # "username:groupname1,groupname2:encoded-password"
 # One entry must be listed per line, and 'ocpasswd' should be used
-# to generate password entries.
+# to generate password entries. The 'otp' suboption allows to specify
+# an oath password file to be used for one time passwords; the format of
+# the file is described in https://code.google.com/p/mod-authn-otp/wiki/UsersFile
 #
 # radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=name,override-interim-updates=false]:
 #  The radius option requires specifying freeradius-client configuration
@@ -36,6 +38,7 @@
 
 #auth = "pam"
 #auth = "pam[gid-min=1000]"
+#auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
 auth = "plain[passwd=./sample.passwd]"
 #auth = "certificate"
 #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"