PingID Administration Guide

Configuration example of PAM for Red Hat

This procedure is an example configuration of PingID SSH for PAM on Red Hat.

About this task

This assumes that you specified --prefix=/usr in the configure command.

Steps

  1. Edit the relevant PAM conf file. sudo vi /etc/pam.d/system-auth

  2. Replace this line:

    auth      sufficient  pam_unix.so nullok try_first_pass

    with these lines:

    auth      requisite   pam_unix.so nullok try_first_pass
    auth      sufficient  pam_pingid.so
  3. Apply PingID to SSH by editing the sshd_config file:

    1. Run

      sudo vi /etc/ssh/sshd_config
    2. Set the following parameters:

      • usePAM to yes

      • ChallengeResponseAuthentication to yes

      • PasswordAuthentication to no

  4. Configure PAM for public key authentication by adding the following line to the SSHD configuration file, sshd_config.

    AuthenticationMethods publickey,keyboard-interactive

    Remove pam_unix.so from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.

    PAM authentication is supported for SSHD with public key authentication, only when using OpenSSH 6.2 and later.

    To check the OpenSSH version, run ssh -V.

  5. Restart the sshd service.

    sudo service sshd restart