mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-02-20 21:54:16 +01:00
Update Two_Factor_PAM_Configuration.adoc
This commit is contained in:
parent
cf67053e78
commit
482a11ccd2
@ -2,15 +2,16 @@ PAM configuration is somewhat complex, but a typical use-case is to
|
||||
require both a password and Yubikey to allow access. This can be
|
||||
achieved by a PAM configuration like this:
|
||||
|
||||
```
|
||||
auth requisite pam_yubico.so id=42
|
||||
auth required pam_unix.so use_first_pass
|
||||
```
|
||||
---
|
||||
auth requisite pam_yubico.so id=42
|
||||
auth required pam_unix.so use_first_pass
|
||||
---
|
||||
|
||||
The first line makes pam_yubico check the OTP. Use either a per-user
|
||||
file called ~/.yubico/authorized_yubikeys, or a system wide file called
|
||||
/etc/yubikey_mappings to specify which Yubikeys that can be used to log
|
||||
in as specific users. See the https://github.com/Yubico/yubico-pam/wiki/ReadMe for more details about this.
|
||||
file called `~/.yubico/authorized_yubikeys`, or a system wide file called
|
||||
`/etc/yubikey_mappings` to specify which Yubikeys that can be used to log
|
||||
in as specific users. See https://developers.yubico.com/yubico-pam[the README]
|
||||
for more information.
|
||||
|
||||
The "use_first_pass" on the next line says that the password the pam_unix
|
||||
module should check should be received from the earlier PAM modules
|
||||
@ -18,7 +19,7 @@ and that the module should not query for passwords.
|
||||
|
||||
Of course, if you use username/password verification from a SQL
|
||||
database or LDAP, you need to change the second line above. But the
|
||||
module you use needs to support "use_first_pass" for this to work.
|
||||
module you use needs to support 'use_first_pass' for this to work.
|
||||
Most modules support this.
|
||||
|
||||
Be sure to comment out any other 'auth' lines in your PAM configuration,
|
||||
@ -30,4 +31,4 @@ OTP using your Yubikey. When prompted for the password, enter the Unix
|
||||
password first and then (without pressing enter) push the button on your
|
||||
Yubikey.
|
||||
|
||||
If it doesn't work, enable debugging (see https://github.com/Yubico/yubico-pam/wiki/ReadMe) and try again.
|
||||
If it doesn't work, enable debugging (see https://developers.yubico.com/yubico-pam[the README] and try again.
|
||||
|
Loading…
x
Reference in New Issue
Block a user