These instructions will help you use WiKID Strong Authentication withOpenVPN on Linux.
- Configure your Linux box via PAM to use TACACS+ and WiKID for SSH Authentication or PAM RADIUS
- Install OpenVPN according to their excellent howto
- You will want to configure the server side to use an alternate authentication method, just add this to server.conf file (verify the location of openvpn-auth-pam.so):
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so openvpnIf you want to drop the requirement for client certificates, add the following as well:
If you drop the requirement for client certificates on the server, you should also comment them out on the client:
#cert client.crt #key client.key
Now you need to create the /etc/pam.d/openvpn file. It should only need two lines, one for authentication and one for account:
auth sufficient /lib/security/pam_radius_auth.so debug account sufficient /lib/security/pam_radius_auth.so
That is it!
The WiKID Strong Authentication System is a very reasonably priced two-factor authentication solution. We invite you to learn more about our technology and architecture and to download and test the Enterprise version.