PAM help (multi-factor SSH auth using RADIUS and LDAP)
Hi All,
I am trying to set up my Fedora server to do multi-factor SSH auth using RADIUS and LDAP, like the following:
User goes to log in, they are prompted for username, they provide the username, then they are prompted for RADIUS password, then they are prompted for LDAP password.
I can get both to work nicely separately, but for some reason, I cannot get them to work together. Here is my PAM sshd config. Any help is much appreciated!
#%PAM-1.0
auth sufficient pam_sepermit.so
auth sufficient pam_unix.so nullok try_first_pass
#auth include system-auth
auth required pam_ldap.so
auth required pam_radius_auth.so debug
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_mkhomedir.so skel=/etc/skel umask=0022
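
An added example, not part of the original post: a small Python evaluator for PAM control flags, run over the `auth` lines posted above, to check which of the two intended factors are actually consulted before access is granted. The module outcomes and the `BOTH_REQUIRED` comparison stack are constructed assumptions, not output from a real system.

```python
# Evaluates PAM control flags (required, requisite, sufficient, optional)
# for an auth stack, following the rules in pam.conf(5). Module arguments
# such as nullok/try_first_pass are left out; they do not affect the flags.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"
FACTORS = ("pam_ldap.so", "pam_radius_auth.so")

# The auth lines of the sshd file in the post, in order.
POSTED_AUTH = [
    ("sufficient", "pam_sepermit.so"),
    ("sufficient", "pam_unix.so"),
    ("required", "pam_ldap.so"),
    ("required", "pam_radius_auth.so"),
]
# Hypothetical comparison stack (an assumption, not from the post):
# only the two factor modules decide, both required.
BOTH_REQUIRED = [(c, m) for c, m in POSTED_AUTH if m in FACTORS]


def evaluate(stack, results):
    """Return (granted, modules_run); results maps module -> outcome."""
    failed_required = False
    any_success = False
    ran = []
    for control, module in stack:
        outcome = results.get(module, IGNORE)
        ran.append(module)
        if outcome == SUCCESS:
            any_success = True
            if control == "sufficient" and not failed_required:
                return True, ran  # stack ends here, later modules never run
        elif outcome == FAIL:
            if control == "requisite":
                return False, ran  # immediate denial
            if control == "required":
                failed_required = True  # denial, but the stack keeps running
    return any_success and not failed_required, ran


def factors_consulted(stack, results):
    """Which of the two intended factors were actually asked."""
    granted, ran = evaluate(stack, results)
    return granted, [m for m in ran if m in FACTORS]


# Constructed outcomes: a correct local (pam_unix) password only.
LOCAL_ONLY = {"pam_unix.so": SUCCESS, "pam_ldap.so": FAIL,
              "pam_radius_auth.so": FAIL}

if __name__ == "__main__":
    print(factors_consulted(POSTED_AUTH, LOCAL_ONLY))
    print(factors_consulted(BOTH_REQUIRED, LOCAL_ONLY))
```

With the posted stack, a success from either `sufficient` line ends authentication before `pam_ldap.so` or `pam_radius_auth.so` runs, so neither factor is checked in that case.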