I'm really struggling to come up with a working /etc/pam.d/radius file which will work against yubikeys and ldap. This is for freeradius, which is configured solely to use pam for its authentication. I *thought* it should be nothing more than this: #%PAM-1.0 auth requisite pam_yubico.so id=1 authfile=/etc/sysconfig/yubikey auth requisite pam_ldap.so use_first_pass config=/etc/pam_ldap.conf-radius i.e: check the yubi password, and then check the rest of the password against the ldap user. But it seems its more complicated as this does not work for me. I can see from the debugging output that it's trying the right parts of the password given against the right modules however. For now i'm not worrying about expired accounts or such (do i need an account requisite pam_permit.so maybe anyway ?) Been stuck on this for a good while now, unfortunately. Notice: This email and any attachments are confidential. If received in error please destroy and immediately notify us. Do not copy or disclose the contents. _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
