Yubico Forum

Re: OpenVPN PAM config file for Debian

2015-04-09T15:48:30+01:00

Figured it out, this works for me:

auth required pam_yubico.so authfile=/path/to/yubikeys id=22010 debug
auth required pam_unix.so try_first_pass debug shadow nodelay
account required pam_unix.so

Statistics: Posted by besson3c — Thu Apr 09, 2015 3:48 pm

Re: OpenVPN PAM config file for Debian

2015-04-09T15:15:35+01:00

Here is my current attempt (which is authenticating my Yubikey but not my system password):

Quote:

auth required pam_yubico.so authfile=/path/to/yubikeys id=22010 debug
auth include common-auth
account required pam_nologin.so
account include common-account
password include common-password
session include common-session

Statistics: Posted by besson3c — Thu Apr 09, 2015 3:15 pm

OpenVPN PAM config file for Debian

2015-04-08T19:55:31+01:00

Hello,

I'm having problems getting PAM password checks working as my second factor for my OpenVPN auth. The instructions here (for without FreeRadius) include a PAM config file for Redhat based systems:

https://developers.yubico.com/yubico-pa ... a_PAM.html

Here is that config:

Quote:

auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth

When I comment out everything but the first line, my VPN connections work fine, but of course authentication works with any password I provide it that precedes my Yubikey OTP. On Debian based systems there isn't a system-auth, but it isn't working with "common-auth" in place of "system-auth" either.

Any feedback on a working Debian-compatible configuration?

Statistics: Posted by besson3c — Wed Apr 08, 2015 7:55 pm