rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-27 06:54:15 +01:00
Code Issues Projects Releases Wiki Activity

Clarify documentation; this example configuration is also useful for just regular pam_yubico configuration elsewhere against AD, too.

Browse Source
This commit is contained in:
Robert Giles 2017-12-14 10:04:48 -06:00
parent db0d7a548b
commit c0d1646853
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README
View File

@ -358,13 +358,15 @@ logins, add the following to the top of `/etc/pam.d/login`:
OpenVPN and ActiveDirectory OpenVPN and ActiveDirectory
--------------------------- ---------------------------
See Michael Ludvig's sample Active Directory schema extensions for YubiKey public ID attribute storage / association with a particular user account:
link:https://github.com/mludvig/yubikey-ldap/tree/master/microsoft-schema
create file '/etc/pam.d/openvpn': create file '/etc/pam.d/openvpn':
auth required pam_yubico.so ldap_uri=ldap://ldap-srv debug id=[Your API Client ID] yubi_attr=pager auth required pam_yubico.so ldap_uri=ldap://contoso.com debug id=[Your API ID] yubi_attr=yubiKeyId
ldapdn=dc=ad,dc=next-audience,dc=net ldapdn=DC=contoso,DC=com
ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=mygroup,OU=DefaultUser,DC=adivser,DC=net)) ldap_filter=(&(sAMAccountName=%u)(objectClass=user)(memberOf=CN=somegroup,DC=contoso,DC=com))
ldap_bind_user=bind_user ldap_bind_password=bind_password try_first_pass ldap_bind_user=CN=binduser,CN=Users,DC=contoso,DC=com ldap_bind_password=bind_password try_first_pass
account required pam_yubico.so account required pam_yubico.so
create file 'openvpn.conf' create file 'openvpn.conf'