mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-03-15 18:29:16 +01:00
Fixed adoc error
parent 7eef2deca0
commit d1ab4539e4
@ -1,4 +1,4 @@
|
||||
=== Introduction ===
|
||||
== Introduction ==
|
||||
|
||||
The purpose of this document is to guide readers through the configuration
|
||||
steps to use two factor authentication for SSH using Yubikey. This document
|
||||
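Review bot: line 1 of the file is now `== Introduction ==`, a level-1 section, and nothing above it in this hunk is a `= Title` line, so the document still has no level-0 title. If that is intentional, leave it; otherwise add a title as the first line. The commit message "Fixed adoc error" would also be easier to follow if it said that the fix is removing one `=` from every section heading.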
@ -6,7 +6,7 @@ assumes that the reader has advanced knowledge and experience in Linux
|
||||
system administration, particularly for how PAM authentication mechanism is
|
||||
configured on a Linux platform.
|
||||
|
||||
=== Prerequisites ===
|
||||
== Prerequisites ==
|
||||
|
||||
Successful configuration of the Yubico PAM module to support two factor
|
||||
authentication requires following prerequisites:
|
||||
@ -22,7 +22,7 @@ Version 1.5 or later
|
||||
|
||||
https://developers.yubico.com/yubico-pam[Yubico PAM Module]:: Version 1.7 or later
|
||||
|
||||
=== System Requirements ===
|
||||
== System Requirements ==
|
||||
|
||||
This document illustrates the configuration steps for Fedora Core 8
|
||||
operating system. However, there steps should work on most other Linux
|
||||
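Review bot: in the context directly under the `== System Requirements ==` heading, "However, there steps should work" has a typo ("there" for "these"). This commit is already a documentation cleanup touching the same section, so fix it here.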
@ -37,20 +37,20 @@ for the user and the One-Time Password (OTP) generated by Yubikey assigned
|
||||
to the user.
|
||||
|
||||
|
||||
=== Build yubico-c-client and pam_yubico ===
|
||||
== Build yubico-c-client and pam_yubico ==
|
||||
|
||||
Build instructions for yubico-c-client and pam_yubico are found in their
|
||||
respective README.
|
||||
|
||||
|
||||
=== Configuration ===
|
||||
== Configuration ==
|
||||
|
||||
==== Configuration for user and YubiKey token ID mapping ====
|
||||
=== Configuration for user and YubiKey token ID mapping ===
|
||||
|
||||
There are two ways of user and YubiKey token ID mapping. It can be either
|
||||
done at administrative level or at individual user level.
|
||||
|
||||
===== Administrative Level =====
|
||||
==== Administrative Level ====
|
||||
|
||||
In Administrative level, system administrators hold right to configure the
|
||||
user and yubikey token ID mapping. Administrators can achieve this by creating
|
||||
@ -83,7 +83,7 @@ kurt:ertbhunjimko
|
||||
The mapping file must be created/updated manually before configuration of
|
||||
Yubico PAM module for SSH authentication.
|
||||
|
||||
====== Configuration of modified pam_yubico.so module at administrative level ======
|
||||
===== Configuration of modified pam_yubico.so module at administrative level =====
|
||||
|
||||
Append the following line to the beginning of the `/etc/pam.d/sshd` file:
|
||||
|
||||
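Review bot: the context line under the renamed heading says "Append the following line to the beginning of the `/etc/pam.d/sshd` file", which contradicts itself, since appending puts the line at the end. PAM evaluates auth entries in order, and the sample `/etc/pam.d/sshd` later in this file has `pam_yubico.so` as its first auth line, so the wording should be "Insert the following line at the beginning". The user-level section repeats the same sentence and needs the same fix.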
@ -104,7 +104,7 @@ successful verification of OTP Yubico PAM module from the Yubico
|
||||
authentication server, a success code is returned.
|
||||
|
||||
|
||||
===== User Level =====
|
||||
==== User Level ====
|
||||
|
||||
In User level, individual users have the ability to configure yubikey token
|
||||
ID assigned to them. Users can achieve this by creating a new file
|
||||
@ -129,7 +129,7 @@ be placed inside user's home directory before configuration of Yubico PAM
|
||||
module for SSH authentication.
|
||||
|
||||
|
||||
====== Configuration of modified pam_yubico.so module at user level ======
|
||||
===== Configuration of modified pam_yubico.so module at user level =====
|
||||
|
||||
Append the following line to the beginning of the `/etc/pam.d/sshd` file:
|
||||
|
||||
@ -146,7 +146,7 @@ successful verification of OTP Yubico PAM module from the Yubico authentication
|
||||
server, a success code is returned.
|
||||
|
||||
|
||||
==== pam_unix.so configuration ====
|
||||
=== pam_unix.so configuration ===
|
||||
|
||||
Append _try_first_pass_ parameter to the _pam_unix.so_ module to authenticate
|
||||
the user with password passed from the preceding auth module.
|
||||
@ -155,16 +155,16 @@ The _pam_unix.so_ module used for authentication is generally located into
|
||||
`/etc/pam.d/system-auth` for RedHat based Linux system and into
|
||||
`/etc/pam.d/common-auth` for Debian based Linux systems.
|
||||
|
||||
==== SSH configuration ====
|
||||
=== SSH configuration ===
|
||||
|
||||
Edit the sshd configuration file `/etc/ssh/sshd_config`_ to disable challenge-
|
||||
response passwords. Change `challenge-response passwords yes` to
|
||||
`challenge-response passwords no`.
|
||||
|
||||
|
||||
=== Test Setup ===
|
||||
== Test Setup ==
|
||||
|
||||
==== Fedora 8 ====
|
||||
=== Fedora 8 ===
|
||||
|
||||
Test setup for fedora 8 environment is as follows:
|
||||
|
||||
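Review bot: in the `=== SSH configuration ===` context, `/etc/ssh/sshd_config`_ has a stray underscore after the closing backtick, which looks like leftover markup and will render literally. The next sentence also puts `challenge-response passwords yes` in code formatting although it is a description, not text that appears in sshd_config. Quote the actual keyword and value instead (`ChallengeResponseAuthentication no` for the OpenSSH versions listed under Test Setup) so readers can search the file for it.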
@ -173,7 +173,7 @@ Kernel Version:: Kernel version 2.6.23.1-42.fc8
|
||||
OpenSSH Version:: openssh-4.7p1-2.fc8
|
||||
Yubico PAM Version:: pam_yubico-1.7
|
||||
|
||||
==== Fedora 6 ====
|
||||
=== Fedora 6 ===
|
||||
|
||||
Test setup for fedora 6 environment is as follows:
|
||||
|
||||
@ -183,12 +183,12 @@ OpenSSH Version:: openssh-4.3p2-10
|
||||
Yubico PAM Version:: pam_yubico-1.7
|
||||
|
||||
|
||||
==== PAM configuration ====
|
||||
=== PAM configuration ===
|
||||
|
||||
PAM configuration files in our testing environment are as follows:
|
||||
|
||||
|
||||
===== /etc/pam.d/sshd =====
|
||||
==== /etc/pam.d/sshd ====
|
||||
-------
|
||||
auth required pam_yubico.so authfile=/etc/yubikeyid id=16 debug
|
||||
auth include system-auth
|
||||
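Review bot: `==== /etc/pam.d/sshd ====` is followed directly by the `-------` listing delimiter with no blank line between them, while `==== /etc/yubikeyid ====` in the next hunk has one. Add a blank line after the heading so both listings are delimited the same way and the delimiter cannot be read together with the heading line.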
@ -201,7 +201,7 @@ session required pam_loginuid.so
|
||||
-------
|
||||
|
||||
|
||||
===== /etc/yubikeyid =====
|
||||
==== /etc/yubikeyid ====
|
||||
|
||||
-------
|
||||
root:indvnvlcbdre:ldvglinuddek
|
||||
@ -218,7 +218,7 @@ Please change PAM configuration settings for SSH as shown above and test the
|
||||
configuration.
|
||||
|
||||
|
||||
=== Testing the Configuration ===
|
||||
== Testing the Configuration ==
|
||||
|
||||
We assume that you have 'root' and 'test' user configured to access SSH on your
|
||||
test environment with password 'secret' and 'pencil' respectively.
|
||||