LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   multiple auth methods in pam.d/sshd? (https://www.linuxquestions.org/questions/linux-security-4/multiple-auth-methods-in-pam-d-sshd-4175509417/)

ghughes5669 06-27-2014 01:02 PM
multiple auth methods in pam.d/sshd?
 
Hello!

Im trying to get PAM to allow for multiple methods of authentication. I want to have an RSA SecurID PAM module authenticate one group of users, Active Directory to authenticate a second, separate group of users, and finally, a local /etc/passwd to authenticate a third group of users. One of these groups has SecurID tokens and Active Directory accounts. This group should only be able to log in to the Linux server with their SecurID token and not their Active Directory credentials. The other groups should have only the Active Directory authentication requested.

I've tried stacking PAM modules in different orders and different controls, and I've worked on the system-auth-ac file to try and deny the Active Directory to those users by using pam_listfile in the system-auth-ac file. None of the variations have brought any joy.

I'm racking my brains on this one - seems there should be some way to wrangle a particular authentication method for any arbitrary group, but the answer eludes me.

Has anyone tried something this involved recently?

Thanks for any tips or guidance on this!


Gregg

vishesh 07-01-2014 05:26 AM
We can set authentication order in a way so that if one auth method fail it try for next one.

Thanks


All times are GMT -5. The time now is 06:23 AM.