yubikey and ldap user authentication with pam for radius server
Robert Pearce
r.pearce at gns.cri.nz
Wed Mar 19 23:52:55 UTC 2014
I'm really struggling to come up with a working /etc/pam.d/radius file
which will work against yubikeys and ldap. This is for freeradius, which
is configured solely to use pam for its authentication.
I *thought* it should be nothing more than this:
#%PAM-1.0
auth requisite pam_yubico.so id=1 authfile=/etc/sysconfig/yubikey
auth requisite pam_ldap.so use_first_pass config=/etc/pam_ldap.conf-radius
i.e: check the yubi password, and then check the rest of the password
against the ldap user. But it seems its more complicated as this does
not work for me. I can see from the debugging output that it's trying
the right parts of the password given against the right modules however.
For now i'm not worrying about expired accounts or such (do i need an
account requisite pam_permit.so maybe anyway ?)
Been stuck on this for a good while now, unfortunately.
Notice: This email and any attachments are confidential.
If received in error please destroy and immediately notify us.
Do not copy or disclose the contents.
More information about the Pam-list
mailing list