Personal tools
|
PAM Radius HOW TOHow to use WiKID Strong Authentication for SSH logins on Linux using PAM These instructions were written specifically for setting up two-factor authentication with WiKID, but can be applied to any PAM set up. First, you need to install PAM Radius. The PAM Radius home page is here.  1.Edit /etc/pam.d/sshd to allow Radius authentication:
vi /etc/pam.d/sshd N.B.: Distributions of linux have different pam.d file formats. Please check with your distribution for specific suggestions. These instructions work for Fedora/Redhat/Centos. Go to the first line of the file, hit the Insert key or the i key and insert this line: auth sufficient /lib/security/pam_radius_auth.so The “sufficient” tag indicates that if the Radius authentication succeeds then no additional authentication will be required. However, if the Radius authentication fails, a username and password from the system will work. Use "Required" to require strong authentication. Write the file and quit. Hit the Esc key to exit insert mode and type “:wq”
vi /etc/raddb/server Below the line: 127.0.0.1 secret 1 Add this line, substituting your routableIPAddress: routableIPaddress shared_secret 1 3.Assuming that you already have a domain you would like to use, configure a network client with the routableIPaddress and the shared secret you used in the /etc/raddb/server file. You will have to stop and start the WiKID server after configuring the new Radius Network Client.
The WiKID Strong Authentication System is a very reasonably priced two-factor authentication solution. We invite you to learn more about our technology and architecture and to download and test the Enterprise version. |
|
Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
Simpy
