Last modified: 2012-12-30 21:27:19 UTC
Some users have privileges worthy of requiring two-factor auth. Add a configuration option wgOATHAuthRequiredGroups. Any member of that group should require OATH to login.
Fixed in Gerrit change I99236154.