Skip to main content

The best way to add two-factor authentication to any system is by using strong standard protocols.


Each flavor of linux handles PAM slightly differently. This tutorial covers how to install pam-radius for two-factor authentication on Ubuntu.

First, install the package:

$ sudo apt-get install libpam-radius-auth

That was pretty painless. Now let's configure it. First, let's tell pam_radius which radius server to talk to:

$ sudo vim /etc/pam_radius_auth.conf 

Note that the file says to copy it to /etc/raddb/server, but DO NOT do that.

Edit the line "other-server other-secret 3" replacing 'other-server' with IP address or hostname of your WiKID Strong Authentication server (or radius server if you have one set up in between WiKID and your servers) and change 'other-secret' the shared secret for this network client.

Now that the package is setup and pointing to your WiKID server, let's configure a service to use it.

Edit your /etc/pam.d/sshd file and add the line:

auth sufficient

Just above:

# Standard Un*x authentication.
@include common-auth

Now, you are ready to test. I recommend you run 'tail -f /var/log/auth.log' while you test.

Note that we have not made any changes to the account setup, so the user is expected to have a local account on the machine or you can configure that via LDAP auth using windbind to AD. For a tutorial on configuring pam_radius for two-factor authentication on Redhat flavors of Linux, please see the complete list of pam-radius tutorials.

NB:  If your users are in a directory, you should download our eGuide on how to properly add two-factor authentication to your network.

Did this free content help you? Please share it with others via Twitter!

Need two-factor authentication? Download a free trial of the WiKID Strong Authentication Server today!



Copyright © WiKID Systems, Inc. 2016 | Two-factor Authentication