Each flavor of linux handles PAM slightly differently. This tutorial covers how to install pam-radius for two-factor authentication on Ubuntu.
First, install the package:
$ sudo apt-get install libpam-radius-auth
That was pretty painless. Now let's configure it. First, let's tell pam_radius which radius server to talk to:
$ sudo vim /etc/pam_radius_auth.conf
Note that the file says to copy it to /etc/raddb/server, but DO NOT do that.
Edit the line "other-server other-secret 3" replacing 'other-server' with IP address or hostname of your WiKID Strong Authentication server (or radius server if you have one set up in between WiKID and your servers) and change 'other-secret' the shared secret for this network client.
Now that the package is setup and pointing to your WiKID server, let's configure a service to use it.
Edit your /etc/pam.d/sshd file and add the line:
auth sufficient pam_radius_auth.so
# Standard Un*x authentication.
Now, you are ready to test. I recommend you run 'tail -f /var/log/auth.log' while you test.
Note that we have not made any changes to the account setup, so the user is expected to have a local account on the machine or you can configure that via LDAP auth using windbind to AD. For a tutorial on configuring pam_radius for two-factor authentication on Redhat flavors of Linux, please see the complete list of pam-radius tutorials.
NB: If your users are in a directory, you should download our eGuide on how to properly add two-factor authentication to your network.
Did this free content help you? Please share it with others via Twitter!
Need two-factor authentication? Download a free trial of the WiKID Strong Authentication Server today!