Update YubiKey_and_FreeRADIUS_via_PAM.adoc

doc/YubiKey_and_FreeRADIUS_via_PAM.adoc

@@ -1,11 +1,9 @@
-Yubico PAM Two-factor configuration guide
------------------------------------------
+== Yubico PAM Two-factor configuration guide ==
 
 Step by Step Guide for Configuration of Yubico PAM module to provide Two-factor
 legacy Username + password + YubiKey OTP authentication for RADIUS server.
 
-Introduction
-------------
+=== Introduction ===
 The purpose of this document is to guide readers through the configuration
 steps to enable two factor authentication using YubiKey and RADIUS server on
 Linux platform. This document assumes that the reader has advance knowledge
@@ -19,9 +17,7 @@ authentication or any popular directory service by configuring appropriate PAM
 modules in radiusd PAM configuration file.
 
 
-Prerequisites
--------------
-
+=== Prerequisites ===
 Successful configuration of the Yubico PAM module to support two factor
 authentication for RADIUS requires following prerequisites:
 
@@ -35,13 +31,10 @@ http://freeradius.org/download.html[FreeRADIUS]:: Version: 1.1.7 or later
 
 https://developers.yubico.com/yubico-pam[Yubico PAM Module]:: Version 1.8
 
-Configuration
--------------
+=== Configuration ===
 We assume that FreeRADIUS is already installed on the server.
 
-
-Configuration of FreeRADIUS server to support PAM authentication
-----------------------------------------------------------------
+==== Configuration of FreeRADIUS server to support PAM authentication ====
 
 * Edit the radiusd configuration file `/etc/raddb/radiusd.conf` to make
   following changes:
@@ -58,22 +51,19 @@ privileges, this is a mandatory step here.
     
 * Add sample client for testing in the client configuration
   file `/etc/raddb/clients.conf`.
-  
 
 * Edit the user configuration file `/etc/raddb/users`, changing
   `DEFAULT Auth-Type = System` to `DEFAULT Auth-Type = pam` for using
   PAM modules for user authentication.
 
 
-Installation of pam_yubico module
-----------------------------------
+=== Installation of pam_yubico module ===
 
 Build instructions for pam_yubico are available in the README.
 (https://github.com/Yubico/yubico-pam/wiki/ReadMe)
 
 
-Configuration of pam_yubico module 
-------------------------------------
+=== Configuration of pam_yubico module === 
 
 Configuration instructions for pam_yubico are also available in the README.
 (https://github.com/Yubico/yubico-pam/wiki/ReadMe)
@@ -83,8 +73,7 @@ or user level mapping, as this will control which users can connect to the
 system using RADIUS.
 
 
-Configuration of modified pam_yubico.so module at administrative level
-------------------------------------------------------------------------
+=== Configuration of modified pam_yubico.so module at administrative level ===
 
 Append the following line to the beginning of /etc/pam.d/radiusd file:
 
@@ -106,16 +95,14 @@ module reports failure. After successful verification of OTP Yubico PAM module
 from the Yubico authentication server, a success code is returned.
 
 
-User Level
-------------
+==== User Level ====
 
 Although, user level configuration of pam_yubico is possible, this might not
 be a desired configuration option in case of radisud daemon in most enterprise.
 
 
-Configuration of selinux policy to create exception for radiusd daemon
------------------------------------------------------------------------
-Local effective selinux policy must be updated to provide sufficient
+=== Configuration of SElinux policy to create exception for radiusd daemon ===
+Local effective SElinux policy must be updated to provide sufficient
 privileges to radiusd daemon on system resources. Please follow the steps below
 to configure effective selinux policy for radiusd daemon:
 
@@ -130,7 +117,7 @@ to configure effective selinux policy for radiusd daemon:
 * We can use audit2allow utility to provide selinux privileges to radiusd by
   using following sequence of commands:
 
-------
+----
 [root@testsrv ~]# audit2allow -m local -l -i /var/log/messages > local.te
 
 [root@testsrv ~]# checkmodule -M -m -o local.mod local.te
@@ -138,7 +125,7 @@ to configure effective selinux policy for radiusd daemon:
 [root@testsrv ~]# semodule_package -o local.pp -m local.mod
 
 [root@testsrv ~]# semodule -i local.pp
-------
+----
 
 For more selinux policy updating information and explanation of above commands
 please visit the following website:
@@ -146,8 +133,7 @@ please visit the following website:
  http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
 
 
-Test Setup
-----------
+=== Test Setup ===
 
 Our test environment is as follows:
 
@@ -156,18 +142,17 @@ FreeRADIUS Server:: FreeRADIUS Version 1.1.7
 Yubico PAM:: pam_yubico Version 1.8
 /etc/pam.d/radiusd file::
 
-------
+----
 auth      	 required     	pam_yubico.so authfile=/etc/yubikeyid id=16 debug
 auth       	 include     	system-auth
 account   	 required  	pam_nologin.so
 account    	 include      	system-auth
 password  	 include     	system-auth
 session    	 include     	system-auth
-------
+----
 
 
-Testing the configuration :
----------------------------
+=== Testing the configuration ===
 
 We have tested the pam_yubico configuration on following Linux sever platforms:
 
@@ -184,17 +169,17 @@ Fedora 6:
 * Yubico PAM: pam_yubico  Version 1.8
 
 To test the RADIUS two factor authentication with YubiKey, we can use
-“radtest” radius client. The command is as follows:
+'radtest' radius client. The command is as follows:
 
-------
-  [root@testsrv ~]# radtest {username} \
-  		    	    {password followed by YubiKey generated OTP} \
-  			    {radius-server}:{radius server port} \
-			    {nas-port-number} \
-			    {secret/ppphint/nasname}
+----
+[root@testsrv ~]# radtest {username} \
+  	    	    {password followed by YubiKey generated OTP} \
+  		    {radius-server}:{radius server port} \
+		    {nas-port-number} \
+		    {secret/ppphint/nasname}
 
-  [root@testsrv ~]# radtest test test123vrkvit...bekkjc 127.0.0.1 0 testing123
-------
+[root@testsrv ~]# radtest test test123vrkvit...bekkjc 127.0.0.1 0 testing123
+----
 
 
 NOTE: