| Yubico Forum https://forum.yubico.com/ |
|
| PAM config for sshd in RHEL 7 / CentOS 7 https://forum.yubico.com/viewtopic.php?f=16&t=1447 |
Page 1 of 1 |
| Author: | minimax [ Wed Aug 20, 2014 10:08 am ] |
| Post subject: | PAM config for sshd in RHEL 7 / CentOS 7 |
I can't get Yubikey to work with SSH on RHEL 7 / CentOS 7. I always get the error Code: debug1: PAM: initializing for "root" PAM unable to resolve symbol: pam_sm_authenticate PAM unable to resolve symbol: pam_sm_setcred debug1: PAM: setting PAM_RHOST to "192.168.122.1" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user root service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] password check failed for user (root) pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.122.1 user$ pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" debug1: PAM: password authentication failed for root: Module is unknown This is what I did to install Yubikey on RHEL 7 / CentOS 7: Code: rpm -Uvh http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm yum -y install libyubikey In /etc/pam.d/sshd: Code: #%PAM-1.0 auth required /usr/lib64/libyubikey.so id=16 authfile=/etc/yubikey_mappings ...the rest of the file In /etc/yubikey_mappings: Code: root:cccc.... Code: systemctl restart sshd.service But no luck. On RHEL 6 and CentOS 6, everything is working fine. |
|
| Author: | mystic1 [ Tue Sep 23, 2014 10:11 pm ] |
| Post subject: | Re: PAM config for sshd in RHEL 7 / CentOS 7 |
I got a little further than you did. I did the same bits with yum, but placed my "auth sufficient libyubikey.so id=16 authfile=/etc/yubikey_mappings" (note the change from "required" to "sufficient" line in /etc/pam.d/password-auth I then realized that CentOS 7 was looking in /usr/lib64/security for the PAM *.so files, so I went there and linked to the Yubikey library: Code: ln -s /usr/lib64/libyubikey.so.0 /usr/lib64/security/libyubikey.so This yielded an error in /var/log/secure every time I tried to SSH in to my host: Code: Sep 23 16:03:46 netservices3 sshd[3961]: PAM unable to resolve symbol: pam_sm_authenticate
Sep 23 16:03:46 netservices3 sshd[3961]: PAM unable to resolve symbol: pam_sm_setcred |
|
| Author: | minimax [ Thu Sep 25, 2014 10:35 am ] |
| Post subject: | Re: PAM config for sshd in RHEL 7 / CentOS 7 |
Ok, I tried the same - there is no need to set a symbolic link if you provide the correct filename directly in /etc/pam.d/sshd: Code: auth sufficient /usr/lib64/libyubikey.so.0 id=16 authfile=/etc/yubikey_mappings Despite of that I get the same results: Code: PAM unable to resolve symbol: pam_sm_authenticate PAM unable to resolve symbol: pam_sm_setcred 
|
|
| Author: | minimax [ Thu Sep 25, 2014 11:48 am ] |
| Post subject: | Re: PAM config for sshd in RHEL 7 / CentOS 7 |
If you compile * ykclient-2.13 * libyubikey-1.12 * ykpers-1.15.3 and * yubico-pam from Github then you will get the pam_yubico.so. But activating now results in Code: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" This seems due to /etc/pam.d/password-auth: Code: auth requisite pam_succeed_if.so uid >= 1000 quiet_success But whatever you change here, I can't login using YubiKey. |
|
| Author: | minimax [ Mon Oct 20, 2014 10:01 am ] |
| Post subject: | Re: PAM config for sshd in RHEL 7 / CentOS 7 |
@Yubico: is there a solution? Can someone guide me with some hints on this issue? |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|