I am currently using freeradius server with user accounts stored in a mysql database. I was looking to implement the yubikeys with my freeradius server in a password+yubikey setup. I was held up because I didn't want to store my users as local user accounts on my freeradius server. I setup a test box and messed around with a few ideas on how to get it working and I finally got something to work. I figured I would share my results if anyone is interested.
I was was able to get the mysql authentication to work by using both the yubikey PAM module and the pam-mysql module
http://pam-mysql.sourceforge.net/. I just pointed the pam-mysql module to look at the mysql table I was already using with my freeradius mysql setup. I wanted to migrate users from mysql authentication to yubikey+mysql authentication. Using the radgoupcheck table I set the Auth-Type := Pam, and the Fall-Through := 1, so I could migrate users group by group.
pam radius config file
---------------------
auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
auth required /lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0
account required /lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0
Login
FAQ
Search
