I'm not familiar with the yubikey libraries (as I work for a competitor ;-), but why use them at all? Don't you want to use radius? I'm fairly certain that yubikey supports it. here's a tutorial on adding 2FA to pam using radius: http://www.wikidsystems.com/support/wikid-support-center/how-to/pam-radius-how-to or http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-pam-radius-in-ubuntu for ubuntu. And here is one on having freeradius in the middle to perform authorization in ldap and then proxy the cred to another server for authentication. our example is a WiKID server, but radius is radius and it works well anywhere. HTH, Nick ᐧ On Wed, Mar 19, 2014 at 7:52 PM, Robert Pearce <r.pearce@xxxxxxxxxx> wrote: > I'm really struggling to come up with a working /etc/pam.d/radius file > which will work against yubikeys and ldap. This is for freeradius, which > is configured solely to use pam for its authentication. > > I *thought* it should be nothing more than this: > > #%PAM-1.0 > auth requisite pam_yubico.so id=1 authfile=/etc/sysconfig/yubikey > auth requisite pam_ldap.so use_first_pass config=/etc/pam_ldap.conf-radius > > i.e: check the yubi password, and then check the rest of the password > against the ldap user. But it seems its more complicated as this does > not work for me. I can see from the debugging output that it's trying > the right parts of the password given against the right modules however. > For now i'm not worrying about expired accounts or such (do i need an > account requisite pam_permit.so maybe anyway ?) > > Been stuck on this for a good while now, unfortunately. > > > Notice: This email and any attachments are confidential. > If received in error please destroy and immediately notify us. > Do not copy or disclose the contents. > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Nick Owen WiKID Systems, Inc. http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication http://twitter.com/wikidsystems | #wikid on freenode,net _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
