1
0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-03-15 18:29:16 +01:00

Fixed adoc error

This commit is contained in:
Henrik Stråth 2014-10-30 11:14:55 +01:00
parent 7eef2deca0
commit d1ab4539e4

View File

@ -1,4 +1,4 @@
=== Introduction ===
== Introduction ==
The purpose of this document is to guide readers through the configuration
steps to use two factor authentication for SSH using Yubikey. This document
@ -6,7 +6,7 @@ assumes that the reader has advanced knowledge and experience in Linux
system administration, particularly for how PAM authentication mechanism is
configured on a Linux platform.
=== Prerequisites ===
== Prerequisites ==
Successful configuration of the Yubico PAM module to support two factor
authentication requires following prerequisites:
@ -22,7 +22,7 @@ Version 1.5 or later
https://developers.yubico.com/yubico-pam[Yubico PAM Module]:: Version 1.7 or later
=== System Requirements ===
== System Requirements ==
This document illustrates the configuration steps for Fedora Core 8
operating system. However, there steps should work on most other Linux
@ -37,20 +37,20 @@ for the user and the One-Time Password (OTP) generated by Yubikey assigned
to the user.
=== Build yubico-c-client and pam_yubico ===
== Build yubico-c-client and pam_yubico ==
Build instructions for yubico-c-client and pam_yubico are found in their
respective README.
=== Configuration ===
== Configuration ==
==== Configuration for user and YubiKey token ID mapping ====
=== Configuration for user and YubiKey token ID mapping ===
There are two ways of user and YubiKey token ID mapping. It can be either
done at administrative level or at individual user level.
===== Administrative Level =====
==== Administrative Level ====
In Administrative level, system administrators hold right to configure the
user and yubikey token ID mapping. Administrators can achieve this by creating
@ -83,7 +83,7 @@ kurt:ertbhunjimko
The mapping file must be created/updated manually before configuration of
Yubico PAM module for SSH authentication.
====== Configuration of modified pam_yubico.so module at administrative level ======
===== Configuration of modified pam_yubico.so module at administrative level =====
Append the following line to the beginning of the `/etc/pam.d/sshd` file:
@ -104,7 +104,7 @@ successful verification of OTP Yubico PAM module from the Yubico
authentication server, a success code is returned.
===== User Level =====
==== User Level ====
In User level, individual users have the ability to configure yubikey token
ID assigned to them. Users can achieve this by creating a new file
@ -129,7 +129,7 @@ be placed inside user's home directory before configuration of Yubico PAM
module for SSH authentication.
====== Configuration of modified pam_yubico.so module at user level ======
===== Configuration of modified pam_yubico.so module at user level =====
Append the following line to the beginning of the `/etc/pam.d/sshd` file:
@ -146,7 +146,7 @@ successful verification of OTP Yubico PAM module from the Yubico authentication
server, a success code is returned.
==== pam_unix.so configuration ====
=== pam_unix.so configuration ===
Append _try_first_pass_ parameter to the _pam_unix.so_ module to authenticate
the user with password passed from the preceding auth module.
@ -155,16 +155,16 @@ The _pam_unix.so_ module used for authentication is generally located into
`/etc/pam.d/system-auth` for RedHat based Linux system and into
`/etc/pam.d/common-auth` for Debian based Linux systems.
==== SSH configuration ====
=== SSH configuration ===
Edit the sshd configuration file `/etc/ssh/sshd_config`_ to disable challenge-
response passwords. Change `challenge-response passwords yes` to
`challenge-response passwords no`.
=== Test Setup ===
== Test Setup ==
==== Fedora 8 ====
=== Fedora 8 ===
Test setup for fedora 8 environment is as follows:
@ -173,7 +173,7 @@ Kernel Version:: Kernel version 2.6.23.1-42.fc8
OpenSSH Version:: openssh-4.7p1-2.fc8
Yubico PAM Version:: pam_yubico-1.7
==== Fedora 6 ====
=== Fedora 6 ===
Test setup for fedora 6 environment is as follows:
@ -183,12 +183,12 @@ OpenSSH Version:: openssh-4.3p2-10
Yubico PAM Version:: pam_yubico-1.7
==== PAM configuration ====
=== PAM configuration ===
PAM configuration files in our testing environment are as follows:
===== /etc/pam.d/sshd =====
==== /etc/pam.d/sshd ====
-------
auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
auth include system-auth
@ -201,7 +201,7 @@ session required pam_loginuid.so
-------
===== /etc/yubikeyid =====
==== /etc/yubikeyid ====
-------
root:indvnvlcbdre:ldvglinuddek
@ -218,7 +218,7 @@ Please change PAM configuration settings for SSH as shown above and test the
configuration.
=== Testing the Configuration ===
== Testing the Configuration ==
We assume that you have 'root' and 'test' user configured to access SSH on your
test environment with password 'secret' and 'pencil' respectively.