Re: yubikey and ldap user authentication with pam for radius server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I'm not familiar with the yubikey libraries (as I work for a
competitor ;-), but why use them at all?  Don't you want to use
radius?  I'm fairly certain that yubikey supports it.

here's a tutorial on adding 2FA to pam using radius:
for ubuntu.

And here is one on having freeradius in the middle to perform
authorization in ldap and then proxy the cred to another server for
authentication.  our example is a WiKID server, but radius is radius
and it works well anywhere.



On Wed, Mar 19, 2014 at 7:52 PM, Robert Pearce <r.pearce@xxxxxxxxxx> wrote:
> I'm really struggling to come up with a working /etc/pam.d/radius file
> which will work against yubikeys and ldap. This is for freeradius, which
> is configured solely to use pam for its authentication.
> I *thought* it should be nothing more than this:
> #%PAM-1.0
> auth requisite id=1 authfile=/etc/sysconfig/yubikey
> auth requisite use_first_pass config=/etc/pam_ldap.conf-radius
> i.e: check the yubi password, and then check the rest of the password
> against the ldap user. But it seems its more complicated as this does
> not work for me. I can see from the debugging output that it's trying
> the right parts of the password given against the right modules however.
> For now i'm not worrying about expired accounts or such (do i need an
> account requisite maybe anyway ?)
> Been stuck on this for a good while now, unfortunately.
> Notice: This email and any attachments are confidential.
> If received in error please destroy and immediately notify us.
> Do not copy or disclose the contents.
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx

Nick Owen
WiKID Systems, Inc.
Commercial/Open Source Two-Factor Authentication | #wikid on freenode,net

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux