diff --git a/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc b/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc index cc5326b..2c4d131 100644 --- a/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc +++ b/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc @@ -19,9 +19,6 @@ authentication or any popular directory service by configuring appropriate PAM modules in radiusd PAM configuration file. -Details -------- - Prerequisites ------------- @@ -42,8 +39,9 @@ Configuration ------------- We assume that FreeRADIUS is already installed on the server. -Configuration of FreeRADIUS server to support PAM authentication : ------------------------------------------------------------------- + +Configuration of FreeRADIUS server to support PAM authentication +---------------------------------------------------------------- * Edit the radiusd configuration file `/etc/raddb/radiusd.conf` to make following changes: @@ -68,12 +66,15 @@ privileges, this is a mandatory step here. Installation of pam_yubico module ------------------------------------ +---------------------------------- + Build instructions for pam_yubico are available in the README. (https://github.com/Yubico/yubico-pam/wiki/ReadMe) + Configuration of pam_yubico module ------------------------------------ + Configuration instructions for pam_yubico are also available in the README. (https://github.com/Yubico/yubico-pam/wiki/ReadMe) @@ -81,6 +82,7 @@ NOTE: Make sure you set your system up for either central authorization mapping, or user level mapping, as this will control which users can connect to the system using RADIUS. + Configuration of modified pam_yubico.so module at administrative level ------------------------------------------------------------------------ @@ -163,6 +165,7 @@ password include system-auth session include system-auth ------ + Testing the configuration : --------------------------- @@ -194,8 +197,7 @@ To test the RADIUS two factor authentication with YubiKey, we can use ------ -Note : ------- +NOTE: The FreeRADIUS server version 1.1.3 seems to have problems regarding memory management and it may result in Segmentation Fault if configured with Yubico PAM module. We recommend using FreeRADIUS server version 1.1.7 or above.