| Yubico Forum https://forum.yubico.com/ |
|
| OpenVPN PAM config file for Debian https://forum.yubico.com/viewtopic.php?f=5&t=1824 |
Page 1 of 1 |
| Author: | besson3c [ Wed Apr 08, 2015 7:55 pm ] |
| Post subject: | OpenVPN PAM config file for Debian |
Hello, I'm having problems getting PAM password checks working as my second factor for my OpenVPN auth. The instructions here (for without FreeRadius) include a PAM config file for Redhat based systems: https://developers.yubico.com/yubico-pa ... a_PAM.html Here is that config: Quote: auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session include system-auth When I comment out everything but the first line, my VPN connections work fine, but of course authentication works with any password I provide it that precedes my Yubikey OTP. On Debian based systems there isn't a system-auth, but it isn't working with "common-auth" in place of "system-auth" either. Any feedback on a working Debian-compatible configuration? |
|
| Author: | besson3c [ Thu Apr 09, 2015 3:15 pm ] |
| Post subject: | Re: OpenVPN PAM config file for Debian |
Here is my current attempt (which is authenticating my Yubikey but not my system password): Quote: auth required pam_yubico.so authfile=/path/to/yubikeys id=22010 debug
auth include common-auth account required pam_nologin.so account include common-account password include common-password session include common-session |
|
| Author: | besson3c [ Thu Apr 09, 2015 3:48 pm ] |
| Post subject: | Re: OpenVPN PAM config file for Debian |
Figured it out, this works for me: auth required pam_yubico.so authfile=/path/to/yubikeys id=22010 debug auth required pam_unix.so try_first_pass debug shadow nodelay account required pam_unix.so |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|