[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-Toolkit-help] pam_oath with openssh problem in CentOS6.0
From: |
Simon Josefsson |
Subject: |
Re: [OATH-Toolkit-help] pam_oath with openssh problem in CentOS6.0 |
Date: |
Mon, 21 Nov 2011 14:25:35 +0100 |
User-agent: |
Gnus/5.110018 (No Gnus v0.18) Emacs/23.2 (gnu/linux) |
谭中一 <address@hidden> writes:
> Hi,all
>
> I seek a solution for ssh with otp,then I found oath toolkit.
>
> My machine : CentOS6.0(in Vbox4.1.6),OpenSSH_5.3p1, OpenSSL 1.0.0-fips,
>
> follow the README, I Building and installation
> oath-toolkit-1.10.4<http://download.savannah.gnu.org/releases/oath-toolkit/oath-toolkit-1.10.4.tar.gz>
> .
> I had successful configure the su and login use pam_oath two
> factor authentication.
> but when I configure the *ssh* and login use pam_oath, I can't pass the
> authentication.
>
> this is my /etc/pam.d/sshd content.
Hello and thanks for your interest! Are you sure that your OpenSSH uses
PAM at all? Make sure /etc/ssh/sshd_config has 'UsePAM yes' in it.
/Simon
> ====================================================
>
> auth requisite pam_oath.so usersfile=/etc/users.oath window=20 digits=6
> #%PAM-1.0
> auth required pam_sepermit.so
> auth include password-auth
> account required pam_nologin.so
> account include password-auth
> password include password-auth
> # pam_selinux.so close should be the first session rule
> session required pam_selinux.so close
> session required pam_loginuid.so
> # pam_selinux.so open should only be followed by sessions to be executed in
> the user context
> session required pam_selinux.so open env_params
> session optional pam_keyinit.so force revoke
> session include password-auth。
> ===================================================
> And I have other machine which is Ubuntu10.04(also in Vbox4.1.6),the
> pam_oath.so works very well both in *su* and *ssh.*
> So I think there maybe some wrongs in the CentOS /etc/pam.d/sshd.
>
> I am look for your helping, thanks!