Yubikey PAM + Freeradius + Mysql

2009-05-01T20:52:02+01:00

I am currently using freeradius server with user accounts stored in a mysql database. I was looking to implement the yubikeys with my freeradius server in a password+yubikey setup. I was held up because I didn't want to store my users as local user accounts on my freeradius server. I setup a test box and messed around with a few ideas on how to get it working and I finally got something to work. I figured I would share my results if anyone is interested.

I was was able to get the mysql authentication to work by using both the yubikey PAM module and the pam-mysql module http://pam-mysql.sourceforge.net/. I just pointed the pam-mysql module to look at the mysql table I was already using with my freeradius mysql setup. I wanted to migrate users from mysql authentication to yubikey+mysql authentication. Using the radgoupcheck table I set the Auth-Type := Pam, and the Fall-Through := 1, so I could migrate users group by group.

pam radius config file
---------------------
authrequiredpam_yubico.so authfile=/etc/yubikeyid id=16 debug
authrequired/lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0
accountrequired/lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0

Statistics: Posted by rvetter — Fri May 01, 2009 8:52 pm

Yubico Forum

Yubikey PAM + Freeradius + Mysql