
Securid authentication with failover



Trying to set up a two-stage authentication process using the RSA Securid PAM .so.

I am trying to have the RSA be the first authenticator. If the RSA server is not available I would like the pam_stack.so to be used.

What I currently get is RSA authentication-that works. If the user types their etc/passwd they can still get in that way. If the RSA server does not respond then the etc/passwd process still works.

I have tried modifying /etc/pam.d/sshd (my testing is using ssh) and ended up with

snip---

#%PAM-1.0
auth    [ \
       success=done \
       auth_err=ignore \
       ignore=ignore \
       default=bad \
       ] \
                       /opt/pam/lib/pam_securid.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so

---snip

It appears that modifying the value=action pair of auth_err causes variations in the progress through the modules. I have not found any other pair that seems to affect the authentication stopping or continuing. (except success).

I'm not sure that RSA is playing nice, but no way to tell. I plan on contacting them to see if they can give me some guidance on what they are doing PAM-wise.

This testing is occurring on a Red Hat 7.2 box. RPM is pam-0.75-46.7.2

Thanks for any help with this.

Luke
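
As an added illustration (not part of the original post, and not RSA's or Linux-PAM's own code), here is a simplified Python model of how Linux-PAM evaluates the bracketed value=action controls in the stack above. The return codes assigned to pam_securid.so in each scenario are assumptions, as is the STRICT control; the post does not say what the module returns when its server is unreachable.

```python
# Simplified model of Linux-PAM's control-action handling for one auth stack.
# Numeric jump actions and "reset" are left out.
REQUIRED = {"success": "ok", "new_authtok_reqd": "ok",
            "ignore": "ignore", "default": "bad"}
# Control used for pam_securid.so in the posted /etc/pam.d/sshd
POSTED = {"success": "done", "auth_err": "ignore",
          "ignore": "ignore", "default": "bad"}
# Hypothetical alternative (assumption): fall through only when the module
# reports its backend unreachable; a wrong passcode ends the stack at once.
STRICT = {"success": "done", "authinfo_unavail": "ignore", "default": "die"}


def run_stack(stack, returns):
    """stack: list of (module, control); returns: module -> return code.
    Gives the code the application would get back from pam_authenticate()."""
    impression, status = None, "success"      # None = no verdict yet
    for module, control in stack:
        retval = returns[module]
        action = control.get(retval, control["default"])
        if action in ("ok", "done"):
            if impression is None or (impression == "positive"
                                      and status == "success"):
                impression, status = "positive", retval
            if action == "done" and impression == "positive":
                break                         # later modules never run
        elif action in ("bad", "die"):
            if impression != "negative":
                impression = "negative"
                status = "perm_denied" if retval == "success" else retval
            if action == "die":
                break
        # "ignore": this module's result has no effect on the verdict
    if impression != "positive" and status == "success":
        return "perm_denied"                  # every module was ignored
    return status


def sshd_stack(securid_control):
    """The three auth lines of the posted file, with a chosen first control."""
    return [("pam_securid", securid_control),
            ("pam_stack", REQUIRED),
            ("pam_nologin", REQUIRED)]
```

With the posted control, a successful SecurID result ends the stack before pam_nologin.so runs, and any return code mapped to ignore leaves the decision to the password modules.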



