headers
Gergely Buday | 10 Feb 13:03
Picon

pam configuration for mobile one-time-password

Hi,

I am trying to configure mobile one-time-password so that ssh
authenticates with that. See

http://motp.sourceforge.net/

for details. I was suggested to add

auth       sufficient   /lib64/security/pam_mobile_otp.so not_set_pass
password   required     /lib64/security/pam_mobile_otp.so debug
account    required     /lib64/security/pam_mobile_otp.so

to the beginning of /etc/pam.d/sshd . But it is not clear how should I
rewrite the default rest. Simply leaving the rest intact I get the
following behaviour: upon bad passcode I get "passcode not accepted"
in /var/log/messages. Upon good code nothing appears there, but the
login does not happen. What sequence of pam shared objects should run
on fedora 16 to make the login happen? Or, how should I rewrite the
lines below to make it work? I tried several variations but in vain.

Here is the rest of /etc/pam.d/sshd :

auth      required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
(Continue reading)

Permalink | Reply |
headers
Gergely Buday | 10 Feb 15:27
Picon

Re: pam configuration for mobile one-time-password

By using a non-root userid it works. So the problem was with using
root in motp.conf. Sorry to bother the list with this but there is no
mailing list for the mobile one-time-password project.

- Gergely
--

-- 
users mailing list
users <at> lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Permalink | Reply |

Gmane