LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 06-10-2009, 01:37 PM   #1
jdvail
LQ Newbie
 
Registered: Sep 2008
Distribution: Slackware
Posts: 8

Rep: Reputation: 1
PAM auth with SecurID and SSH keys


I have a RHEL4 system using SecurID two-factor authentication via a PAM module. This works fine, but I need to allow some key-based authentication for some automated logins (scripts moving stuff around, etc). The SecurID module has the ability to except logins or groups from the two-factor authentication, but it only knows how to pass the process on to local password authentication. I'd like to avoid running another instance of sshd, if possible. Anyone got this type of setup working before?
 
Old 06-11-2009, 06:22 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,345

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
Surely the existence of SSH keys in the system prevent the PAM calls in the first place? if you do an ssh -v you'll see that (if permitted to) it first offers relevant rsa / dsa keys to the server, and only if that fails does it then move on to password authentication, which is presumably when your SecurID token is passed to a back end.
 
Old 06-12-2009, 07:39 AM   #3
jdvail
LQ Newbie
 
Registered: Sep 2008
Distribution: Slackware
Posts: 8

Original Poster
Rep: Reputation: 1
Issue resolved

Um, nevermind. Upon closer inspection, it turns out that the vendor's install script that created the SSH keys didn't configure them properly. Once I fixed that, everything works fine.

D'oh! I guess that's a reminder to never assume the vendor did what they say they did without verifying it yourself.

Thanks

jvail
 
  


Reply

Tags
pam, rsa


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/pam.d/system-auth is not found udayakumarsv Suse/Novell 1 01-30-2008 04:59 PM
pam radius auth in slackware ?? Barx Slackware 1 04-30-2005 08:06 AM
Failing to log into ssh via ldap auth. Pam Problem? cehlers Linux - Security 1 10-10-2004 07:55 AM
PAM auth error with empty passphrase over SSH angrybeaver Linux - Software 0 09-12-2004 10:35 PM
openssh/PAM auth problem crippler909 Linux From Scratch 1 06-08-2003 11:51 AM


All times are GMT -5. The time now is 12:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration