two factor authentication

LinuxLover · 11-24-2009, 02:07 AM

Quote:

f the WiKID server is returning true and the target SSH server is not validating the user, then the problem is most likely with your /etc/pam.d/sshd file. Do you have this line:

auth sufficient /lib/security/pam_radius_auth.so

? Post you /etc/pam.d/sshd file and I'll have a look.

Use you are right. I was not validating because I was using required instead of sufficient in pam_radious_auth.so line.

Now I am able to log in by using

auth sufficient /lib/security/pam_radius_auth.so

nickowen · 11-25-2009, 09:03 AM

Quote:

Originally Posted by LinuxLover

Use you are right. I was not validating because I was using required instead of sufficient in pam_radious_auth.so line.

Now I am able to log in by using

auth sufficient /lib/security/pam_radius_auth.so

Great! There you go! Now that you have sshd working, you can also do the same for other services, such as sudo, freenx (for remote desktop), postgresql, etc, etc, etc!

Then, think about setting up apache with mod-auth-radius/xradius (http://www.wikidsystems.com/support/...tion-to-apache). If you can run your authentication through apache, you can add two-factor authentication to all your web-apps, CMS, Web-dav, wordpress, phpBB etc. Since most web-apps support http-auth, there's a lot of possibilities. We have a bunch of tutorials: http://www.wikidsystems.com/support/...-center/how-to

Between PAM and Apache, you've got a lot of applications covered.

.