PingID Administration Guide

Configuration example of PAM for Solaris

This is an example configuration of PingID SSH for PAM on Solaris.

About this task

This assumes that you specified --prefix=/usr in the configure command.

Steps

  1. Edit the pam.conf file.

    sudo vi /etc/pam.conf

  2. Replace these lines:

    #
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1

    with these lines:

    #
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth requisite          pam_unix_auth.so.1
other   auth required           pam_pingid.so

  3. If you want to apply PingID on SSH, edit the sshd_config file.

    sudo vi /etc/ssh/sshd_config

    1. Set the following configurations:

      • PAMAuthenticationViaKBDInt to yes

      • ChallengeResponseAuthentication to yes

      • PasswordAuthentication to no

  4. Configure PAM for public key authentication by adding the following line to the SSHD configuration file, sshd_config.

                   AuthenticationMethods publickey,keyboard-interactive

  5. Remove pam_unix.so from the PAM configuration for SSHD to prevent PingID from displaying a password prompt for the keyboard-interactive authentication method.

    To check the OpenSSH version, run:

     ssh -V

  6. To apply the changes and activate PingID multi-factor authentication (MFA) integration with SSH, restart the sshd service.

    sudo service sshd restart