PingID Administration Guide

Configuration example of PAM for Ubuntu/Debian

This is an example configuration of PingID SSH for PAM on Ubuntu and Debian distributions.

About this task

This process assumes that you specified --prefix=/usr in the configure command or installed from the binary package.

Steps

  1. Edit the relevant PAM conffile.

    sudo vim /etc/pam.d/common-auth
  2. Replace the line:

    auth  [success=1 default=ignore]  pam_unix.so nullok_secure

    with these lines:

    auth requisite pam_unix.so nullok_secure
    auth  [success=1 default=ignore]  /lib/security/pam_pingid.so
  3. Apply PingID to SSH by editing the sshd_config file:

    1. Run

      sudo vi /etc/ssh/sshd_config
    2. Set the following parameters:

      • UsePAM to yes

      • KbdInteractiveAuthentication to yes

      • PasswordAuthentication to no

  4. Optionally, configure PAM for public key authentication by adding the following line to the SSHD configuration file, sshd_config.

    AuthenticationMethods publickey,keyboard-interactive

    Remove pam_unix.so from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.

    To check the OpenSSH version, run ssh -V.

  5. Restart the sshd service.

    sudo service sshd restart

Next steps

Pair the end user device.