From bf248989b3cca361df98d645a1a5d8a07cb42b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henrik=20Str=C3=A5th?= Date: Wed, 29 Oct 2014 16:10:03 +0100 Subject: [PATCH] Update and rename YubiKeyAndOpenVPNviaPAM.txt to YubiKey_and_OpenVPN_via_PAM.adoc --- ...M.txt => YubiKey_and_OpenVPN_via_PAM.adoc} | 57 ++++++++----------- 1 file changed, 25 insertions(+), 32 deletions(-) rename doc/{YubiKeyAndOpenVPNviaPAM.txt => YubiKey_and_OpenVPN_via_PAM.adoc} (88%) diff --git a/doc/YubiKeyAndOpenVPNviaPAM.txt b/doc/YubiKey_and_OpenVPN_via_PAM.adoc similarity index 88% rename from doc/YubiKeyAndOpenVPNviaPAM.txt rename to doc/YubiKey_and_OpenVPN_via_PAM.adoc index e11d51b..483811e 100644 --- a/doc/YubiKeyAndOpenVPNviaPAM.txt +++ b/doc/YubiKey_and_OpenVPN_via_PAM.adoc @@ -4,10 +4,6 @@ Introduction The purpose of this document is to guide readers through the configuration steps to use two factor authentication for OpenVPN using YubiKey. This document assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform. -Details -------- - - Prerequisites ------------- @@ -55,9 +51,8 @@ a) Configuration of OpenVPN server to support PAM authentication: add following line to configure OpenVPN client for prompting username and password: ------- - auth-user-pass ------- + auth-user-pass + b) Installation of pam_yubico module: ------------------------------------- @@ -96,15 +91,15 @@ each record are separated by “:” character similar to /etc/passwd. The contents of this file are as follows: ------ - ::: …. - :::….. +::: …. +:::….. ------ e.g.: ------ - paul:indvnvlcbdre:ldvglinuddek - simon:uturrufnjder:hjturefjtehv - kurt:ertbhunjimko +paul:indvnvlcbdre:ldvglinuddek +simon:uturrufnjder:hjturefjtehv +kurt:ertbhunjimko ------ The mapping file must be created/updated manually before configuration 
@@ -165,12 +160,12 @@ iii) Yubico PAM: pam_yubico Version 1.8 iv) "/etc/pam.d/openvpn" file: ------ - auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug - auth include system-auth - account required pam_nologin.so - account include system-auth - password include system-auth - session include system-auth +auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth ------ e) Testing the configuration: @@ -214,7 +209,7 @@ server demon, we can start OpenVPN Server demon at command line as follows instead of starting it using “init.d” script: ------ - [root@testsrv ~]# /usr/sbin/openvpn --config /etc/openvpn/server.conf --daemon openvpn +[root@testsrv ~]# /usr/sbin/openvpn --config /etc/openvpn/server.conf --daemon openvpn ------ We can configure OpenVPN server demon to start at boot time by @@ -255,18 +250,18 @@ contents to the file: used by pam_radius_auth PAM module. The content for the file is as follows: ------ - + - - . - . - . + +. +. +. ------ e.g.: ------ - freeradius.example.com Admin456 +freeradius.example.com Admin456 ------ We can configure failover support for RADIUS server by creating additional @@ -284,9 +279,9 @@ iv) Yubico PAM: pam_yubico Version 1.8 v) "/etc/pam.d/openvpn" file: ------ - account required pam_radius_auth.so - account required pam_radius_auth.so - auth required pam_radius_auth.so no_warn try_first_pass +account required pam_radius_auth.so +account required pam_radius_auth.so +auth required pam_radius_auth.so no_warn try_first_pass ------ B) Testing the configuration: @@ -315,7 +310,7 @@ their YubiKey IDs accordingly. Please use the following command for testing: ------ - [root@varsha ~]# openvpn /etc/openvpn/client.conf +[root@varsha ~]# openvpn /etc/openvpn/client.conf ------ OpenVPN client will first prompt for username, enter the username. 
@@ -323,6 +318,4 @@ After that OpenVPN client will prompt for password, enter user’s password immediately followed by an OTP generated by a YubiKey. -_Note:_ -------- -_Please use OpenVPN server Version 2.0.9 (Latest Stable Version), as older and newer beta versions have problems with PAM libraries. RADIUS authentication will fail if it is configured with older or latest beta versions of OpenVPN Server._ +NOTE: Please use OpenVPN server Version 2.0.9 (Latest Stable Version), as older and newer beta versions have problems with PAM libraries. RADIUS authentication will fail if it is configured with older or latest beta versions of OpenVPN Server.
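Review bot: The hunk around `auth-user-pass` (the `@@ -55,9 +51,8 @@` region) drops the `------` listing delimiters and keeps the line indented, while every other listing in this patch does the opposite: keeps the delimiters and strips the leading whitespace. An indented line still renders as an AsciiDoc literal block, but this leaves one config fragment styled differently from all the others in the file; suggest keeping the delimiters, i.e. `------` / `auth-user-pass` / `------`, so the client option looks like the server-side ones.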
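Review bot: In the mapping-file hunk (`@@ -96,15 +91,15 @@`) the template lines now read only `::: ….` and `:::…..`, so the reader cannot tell which field is the username and which are the YubiKey public IDs; if angle-bracketed placeholders were lost, spell them out as plain words (e.g. `username:yubikey-public-id:yubikey-public-id`). The concrete entries such as `paul:indvnvlcbdre:ldvglinuddek` are the right shape (the 12-character modhex public ID that prefixes every OTP, not a full OTP), and the prose should say so explicitly, since pasting an entire OTP into `/etc/yubikeyid` is the usual mistake.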
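Review bot: The recommended `/etc/pam.d/openvpn` listing (`@@ -165,12 +160,12 @@`) still carries `debug` on the line `auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug`; that flag makes the module log verbosely and belongs in the testing section, not in the configuration readers will copy into production. Suggest dropping it here and mentioning it once under "Testing the configuration". Since the line shows only a client `id=`, it would also help to mention pam_yubico's `key=` option (the API key issued together with the client id) so validation-server responses are verified rather than accepted as-is.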
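Review bot: Style: the context lines around `/usr/sbin/openvpn --config /etc/openvpn/server.conf --daemon openvpn` (`@@ -214,7 +209,7 @@`) spell "daemon" as "demon" twice; the command itself uses `--daemon`. Not introduced by this patch, but the file is being converted anyway, so worth fixing in the same change.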
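Review bot: The server-file template for `pam_radius_auth` (`@@ -255,18 +250,18 @@`) now renders as blank lines (`+ ` and `+`), so the column headings (server, shared secret, timeout) that the example `freeradius.example.com Admin456` is supposed to illustrate are no longer visible; restore them as plain words. Because that file holds the RADIUS shared secret in clear, and whoever can read it can impersonate this host to the RADIUS server, the surrounding prose should also state that it must be owned by root with mode 0600.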
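Review bot: `account required pam_radius_auth.so` appears twice in the RADIUS `/etc/pam.d/openvpn` listing (`@@ -284,9 +279,9 @@`); the second copy is redundant and looks like a copy-paste error, so drop one. This hunk only re-indents the lines, which is a good moment to correct the duplicate rather than carry it into the new `.adoc` file.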
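Review bot: The final `NOTE:` (`@@ -323,6 +318,4 @@`) still calls OpenVPN 2.0.9 the "Latest Stable Version"; that release is from 2006 and had long been superseded by the 2.3 series at the time of this 2014 commit, so the admonition now steers readers toward an old server. Reword it to what is actually known, e.g. "this guide was tested with OpenVPN 2.0.9", or re-verify the PAM and RADIUS compatibility claim against a current release before keeping the warning.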