|Yubikey PAM + Freeradius + Mysql
|Page 1 of 1|
|Author:||rvetter [ Fri May 01, 2009 8:52 pm ]|
|Post subject:||Yubikey PAM + Freeradius + Mysql|
I am currently using freeradius server with user accounts stored in a mysql database. I was looking to implement the yubikeys with my freeradius server in a password+yubikey setup. I was held up because I didn't want to store my users as local user accounts on my freeradius server. I setup a test box and messed around with a few ideas on how to get it working and I finally got something to work. I figured I would share my results if anyone is interested.
I was was able to get the mysql authentication to work by using both the yubikey PAM module and the pam-mysql module http://pam-mysql.sourceforge.net/. I just pointed the pam-mysql module to look at the mysql table I was already using with my freeradius mysql setup. I wanted to migrate users from mysql authentication to yubikey+mysql authentication. Using the radgoupcheck table I set the Auth-Type := Pam, and the Fall-Through := 1, so I could migrate users group by group.
pam radius config file
auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
auth required /lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0
account required /lib/security/pam_mysql.so user=dbadmin passwd=xxx host=localhost db=radius_db01 table=radcheck usercolumn=UserName passwdcolumn=Value crypt=0
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group