Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
SimpyPAM Radius HOW TO
How to use WiKID Strong Authentication for SSH logins on Linux using PAM
These instructions were written specifically for setting up two-factor authentication with WiKID, but can be applied to any PAM set up.
First, you need to install PAM Radius. The PAM Radius home page is here.
1.Edit /etc/pam.d/sshd to allow Radius authentication:
vi /etc/pam.d/sshd
N.B.: Distributions of linux have different pam.d file formats. Please check with your distribution for specific suggestions. These instructions work for Fedora/Redhat/Centos.
Go to the first line of the file, hit the Insert key or the i key and insert this line:
auth sufficient /lib/security/pam_radius_auth.so
The “sufficient” tag indicates that if the Radius authentication succeeds then no additional authentication will be required. However, if the Radius authentication fails, a username and password from the system will work. Use "Required" to require strong authentication.
Write the file and quit. Hit the Esc key to exit insert mode and type “:wq”
2.Edit or create your /etc/raddb/server file:
vi /etc/raddb/server
Below the line:
127.0.0.1 secret 1
Add this line, substituting your routableIPAddress:
routableIPaddress shared_secret 1
3.Assuming that you already have a domain you would like to use, configure a network client with the routableIPaddress and the shared secret you used in the /etc/raddb/server file. You will have to stop and start the WiKID server after configuring the new Radius Network Client.
4.Set up a WiKID Strong Authentication client and login using WiKID ;).
The WiKID Strong Authentication System is a very reasonably priced two-factor authentication solution. We invite you to learn more about our technology and architecture and to download and test the Enterprise version.
