Update Yubikey_and_SSH_via_PAM.adoc

doc/Yubikey_and_SSH_via_PAM.adoc

@@ -32,39 +32,30 @@ This document illustrates the configuration steps for Fedora Core 8
 operating system. However, there steps should work on most other Linux
 distributions.
 
-The Yubico PAM module for SSH can be downloaded from: 
+The Yubico PAM module for SSH can be downloaded from
-
+https://developers.yubico.com/yubico-pam/releases.html[here].
-https://developers.yubico.com/yubico-pam/releases.html
 
 The Yubico PAM module support two factor authentication for SSH.
 The two factor authentication module verifies the user name and password
-for the user and the one time password (OTP) generated by Yubikey assigned
+for the user and the One-Time Password (OTP) generated by Yubikey assigned
 to the user.
 
 
 Build yubico-c-client and pam_yubico
 ------------------------------------
 
-Build instructions for yubico-c-client are found in the README:
+Build instructions for yubico-c-client and pam_yubico are found in their
-
+respective README.
-https://github.com/Yubico/yubico-c-client/wiki/ReadMe
-
-Build instructions for pam_yubico are found in the README:
-
-https://github.com/Yubico/yubico-pam/wiki/ReadMe
 
 
-Configuration
+=== Configuration ===
--------------
 
-Configuration for user and yubikey token ID mapping:
+==== Configuration for user and YubiKey token ID mapping ====
-----------------------------------------------------
 
-There are two ways of user and yubikey token ID mapping. It can be either
+There are two ways of user and YubiKey token ID mapping. It can be either
 done at administrative level or at individual user level.
 
-1) Administrative Level:
+===== Administrative Level =====
-------------------------
 
 In Administrative level, system administrators hold right to configure the
 user and yubikey token ID mapping. Administrators can achieve this by creating
@@ -97,8 +88,7 @@ kurt:ertbhunjimko
 The mapping file must be created/updated manually before configuration of
 Yubico PAM module for SSH authentication.
 
-Configuration of modified pam_yubico.so module at administrative level:
+====== Configuration of modified pam_yubico.so module at administrative level ======
------------------------------------------------------------------------
 
 Append the following line to the beginning of /etc/pam.d/sshd file:
 
@@ -119,8 +109,8 @@ successful verification of OTP Yubico PAM module from the Yubico
 authentication server, a success code is returned.
 
 
-2) User Level:
+===== User Level =====
---------------
+
 In User level, individual users have the ability to configure yubikey token
 ID assigned to them. Users can achieve this by creating a new file
 ".yubico/authorized_yubikeys" inside their home directories that contains
@@ -144,8 +134,7 @@ be placed inside user's home directory before configuration of Yubico PAM
 module for SSH authentication.
 
 
-Configuration of modified pam_yubico.so module at user level:
+====== Configuration of modified pam_yubico.so module at user level ======
--------------------------------------------------------------
 
 Append the following line to the beginning of /etc/pam.d/sshd file:
 
@@ -162,8 +151,8 @@ successful verification of OTP Yubico PAM module from the Yubico authentication
 server, a success code is returned.
 
 
-3) pam_unix.so configuration:
+==== pam_unix.so configuration ====
------------------------------
+
 Append _try_first_pass_ parameter to the _pam_unix.so_ module to authenticate
 the user with password passed from the preceding auth module. 
 
@@ -171,18 +160,16 @@ The _pam_unix.so_ module used for authentication is generally located into
 `/etc/pam.d/system-auth` for RedHat based Linux system and into
 `/etc/pam.d/common-auth` for Debian based Linux systems.
 
-4) SSH configuration:
+==== SSH configuration ====
 ---------------------
 Edit the sshd configuration file `/etc/ssh/sshd_config`_ to disable challenge-
 response passwords. Change `challenge-response passwords yes` to
 `challenge-response passwords no`.
 
 
-Test Setup:
+=== Test Setup ===
------------
 
-A) Fedora 8:
+==== Fedora 8 ====
-------------
 
 Test setup for fedora 8 environment is as follows:
 
@@ -191,8 +178,7 @@ Test setup for fedora 8 environment is as follows:
 * OpenSSH Version : openssh-4.7p1-2.fc8
 * Yubico PAM Version: pam_yubico-1.7
 
-B) Fedora 6:
+==== Fedora 6 ====
-------------
 
 Test setup for fedora 6 environment is as follows:
 
@@ -202,22 +188,21 @@ Test setup for fedora 6 environment is as follows:
 * Yubico PAM Version: pam_yubico-1.7
 
 
-PAM configuration:
+==== PAM configuration ====
-------------------
 
 PAM configuration files in our testing environment are as follows:
 
 * /etc/pam.d/sshd:
 
 -------
-    auth           required  	 pam_yubico.so authfile=/etc/yubikeyid id=16 debug
+auth           required  	 pam_yubico.so authfile=/etc/yubikeyid id=16 debug
-    auth           include   	 system-auth
+auth           include   	 system-auth
-    account        required  	 pam_nologin.so
+account        required  	 pam_nologin.so
-    account        include   	 system-auth
+account        include   	 system-auth
-    password       include   	 system-auth
+password       include   	 system-auth
-    session        optional  	 pam_keyinit.so force revoke
+session        optional  	 pam_keyinit.so force revoke
-    session        include   	 system-auth
+session        include   	 system-auth
-    session        required  	 pam_loginuid.so
+session        required  	 pam_loginuid.so
 -------
 
 
@@ -238,10 +223,9 @@ Please change PAM configuration settings for SSH as shown above and test the
 configuration. 
 
 
-Testing the Configuration:
+=== Testing the Configuration ===
---------------------------
 
-We assume that you have “root” and “test” user configured to access SSH on your
+We assume that you have 'root' and 'test' user configured to access SSH on your
 test environment with password “secret” and “pencil” respectively. 
  
 Use any standard SSH client for testing (We used SSH command line utility).