Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-10-2009, 02:37 PM   #1
LQ Newbie
Registered: Sep 2008
Distribution: Slackware
Posts: 8

Rep: Reputation: 1
PAM auth with SecurID and SSH keys

I have a RHEL4 system using SecurID two-factor authentication via a PAM module. This works fine, but I need to allow some key-based authentication for some automated logins (scripts moving stuff around, etc). The SecurID module has the ability to except logins or groups from the two-factor authentication, but it only knows how to pass the process on to local password authentication. I'd like to avoid running another instance of sshd, if possible. Anyone got this type of setup working before?
Old 06-11-2009, 07:22 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971
Surely the existence of SSH keys in the system prevent the PAM calls in the first place? if you do an ssh -v you'll see that (if permitted to) it first offers relevant rsa / dsa keys to the server, and only if that fails does it then move on to password authentication, which is presumably when your SecurID token is passed to a back end.
Old 06-12-2009, 08:39 AM   #3
LQ Newbie
Registered: Sep 2008
Distribution: Slackware
Posts: 8

Original Poster
Rep: Reputation: 1
Issue resolved

Um, nevermind. Upon closer inspection, it turns out that the vendor's install script that created the SSH keys didn't configure them properly. Once I fixed that, everything works fine.

D'oh! I guess that's a reminder to never assume the vendor did what they say they did without verifying it yourself.




pam, rsa

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/pam.d/system-auth is not found udayakumarsv SUSE / openSUSE 1 01-30-2008 05:59 PM
pam radius auth in slackware ?? Barx Slackware 1 04-30-2005 09:06 AM
Failing to log into ssh via ldap auth. Pam Problem? cehlers Linux - Security 1 10-10-2004 08:55 AM
PAM auth error with empty passphrase over SSH angrybeaver Linux - Software 0 09-12-2004 11:35 PM
openssh/PAM auth problem crippler909 Linux From Scratch 1 06-08-2003 12:51 PM

All times are GMT -5. The time now is 03:44 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration