[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

yubikey and ldap user authentication with pam for radius server



I'm really struggling to come up with a working /etc/pam.d/radius file
which will work against yubikeys and ldap. This is for freeradius, which
is configured solely to use pam for its authentication.

I *thought* it should be nothing more than this:

#%PAM-1.0
auth requisite pam_yubico.so id=1 authfile=/etc/sysconfig/yubikey
auth requisite pam_ldap.so use_first_pass config=/etc/pam_ldap.conf-radius

i.e: check the yubi password, and then check the rest of the password
against the ldap user. But it seems its more complicated as this does
not work for me. I can see from the debugging output that it's trying
the right parts of the password given against the right modules however.
For now i'm not worrying about expired accounts or such (do i need an
account requisite pam_permit.so maybe anyway ?)

Been stuck on this for a good while now, unfortunately.


Notice: This email and any attachments are confidential.
If received in error please destroy and immediately notify us.
Do not copy or disclose the contents.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]