From 4ede6caa80b7721a7c798ca572b33ee72dd76702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20Str=C3=A5th?= Date: Wed, 29 Oct 2014 17:41:02 +0100 Subject: [PATCH] Update YubiKey_and_FreeRADIUS_via_PAM.adoc --- doc/YubiKey_and_FreeRADIUS_via_PAM.adoc | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc b/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc index cc5326b..2c4d131 100644 --- a/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc +++ b/doc/YubiKey_and_FreeRADIUS_via_PAM.adoc @@ -19,9 +19,6 @@ authentication or any popular directory service by configuring appropriate PAM modules in radiusd PAM configuration file. -Details -------- - Prerequisites ------------- @@ -42,8 +39,9 @@ Configuration ------------- We assume that FreeRADIUS is already installed on the server. -Configuration of FreeRADIUS server to support PAM authentication : ------------------------------------------------------------------- + +Configuration of FreeRADIUS server to support PAM authentication +---------------------------------------------------------------- * Edit the radiusd configuration file `/etc/raddb/radiusd.conf` to make following changes: @@ -68,12 +66,15 @@ privileges, this is a mandatory step here. Installation of pam_yubico module ------------------------------------ +---------------------------------- + Build instructions for pam_yubico are available in the README. (https://github.com/Yubico/yubico-pam/wiki/ReadMe) + Configuration of pam_yubico module ------------------------------------ + Configuration instructions for pam_yubico are also available in the README. (https://github.com/Yubico/yubico-pam/wiki/ReadMe) @@ -81,6 +82,7 @@ NOTE: Make sure you set your system up for either central authorization mapping, or user level mapping, as this will control which users can connect to the system using RADIUS. + Configuration of modified pam_yubico.so module at administrative level ------------------------------------------------------------------------ @@ -163,6 +165,7 @@ password include system-auth session include system-auth ------ + Testing the configuration : --------------------------- @@ -194,8 +197,7 @@ To test the RADIUS two factor authentication with YubiKey, we can use ------ -Note : ------- +NOTE: The FreeRADIUS server version 1.1.3 seems to have problems regarding memory management and it may result in Segmentation Fault if configured with Yubico PAM module. We recommend using FreeRADIUS server version 1.1.7 or above.