Configuration example of PAM for Solaris
This is an example configuration of PingID SSH for PAM on Solaris.
About this task
This assumes that you specified |
Steps
-
Edit the
pam.conf
file.sudo vi /etc/pam.conf
-
Replace these lines:
# # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth required pam_unix_auth.so.1
with these lines:
# # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth requisite pam_unix_auth.so.1 other auth required pam_pingid.so
-
If you want to apply PingID on SSH, edit the
sshd_config
file.sudo vi /etc/ssh/sshd_config
-
Set the following configurations:
-
PAMAuthenticationViaKBDInt
toyes
-
ChallengeResponseAuthentication
toyes
-
PasswordAuthentication
tono
-
-
-
Configure PAM for public key authentication by adding the following line to the SSHD configuration file,
sshd_config
.AuthenticationMethods publickey,keyboard-interactive
-
Remove
pam_unix.so
from the PAM configuration for SSHD to prevent PingID from displaying a password prompt for the keyboard-interactive authentication method.To check the OpenSSH version, run:
ssh -V
-
To apply the changes and activate PingID multi-factor authentication (MFA) integration with SSH, restart the sshd service.
sudo service sshd restart