Hi All,
I am in the process of testing RSA authentication using a sample pack from EMC. We have a Windows 2008R2 and Linux network. I have set up the RSA manager and have also set up a test Windows PC for testing and have also modified the DC. All works fine in the Windows environment. I can login with just a domain password for a non-challenged user and can also login with passcode and then domain password for a challenged user.
I have also set up a RHEL 5.4 box for testing. I have joined it to the Windows domain and can login as a domain user using domain credentials. I then tried setting up the RSA bit and have it working as follows:
1. I can SSH into it as root (using the reserve parameter).
2. I can SSH into it as a challenged user using the passcode only.
3. However, I cannot login as an un-challenged user. It keeps asking for a password (with the prompt as specified in the sp_pam.conf file).
Ideally, I would like the Linux version to work the same as the Windows PC version and can deal with no root access. I just cannot seem to get the pam.d/sshd file configured correctly.
The following sshd file allows the root and challenged user to login (without domain password, just passcode):
Code:
auth required pam_securid.so reserve debug
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
The following sshd file does not allow root to login but does work with challenged users' passcode followed by domain password:
Code:
auth required pam_securid.so reserve debug
auth sufficient pam_winbind.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Can anyone suggest what configuration will allow non-challenged users to login with domain password and challenged users to login with passcode, followed by domain password?
Thanks in advance,
Vlad