Note:

This assumes that you specified --prefix=/usr in the configure command.

  1. Edit the pam.conf file.
    sudo vi /etc/pam.conf
  2. Replace these lines:
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    #
    other   auth requisite          pam_authtok_get.so.1
    other   auth required           pam_dhkeys.so.1
    other   auth required           pam_unix_cred.so.1
    other   auth required           pam_unix_auth.so.1
    
    with these lines:
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    #
    other   auth requisite          pam_authtok_get.so.1
    other   auth required           pam_dhkeys.so.1
    other   auth required           pam_unix_cred.so.1
    other   auth requisite          pam_unix_auth.so.1
    other   auth required           pam_pingid.so
    
  3. If you want to apply PingID on SSH, edit the sshd_config file.
    sudo vi /etc/ssh/sshd_config
    1. Set the following configurations:
      • PAMAuthenticationViaKBDInt to yes
      • ChallengeResponseAuthentication to yes
      • PasswordAuthentication to no
  4. Configure PAM for public key authentication by adding the following line to the SSHD configuration file, sshd_config.
    
                   AuthenticationMethods publickey,keyboard-interactive
                
  5. Remove pam_unix.so from the PAM configuration for SSHD to prevent PingID from displaying a password prompt for the keyboard-interactive authentication method.
    Note:
    To check the OpenSSH version, run:
     ssh -V
  6. To apply the changes and activate PingID multi-factor authentication (MFA) integration with SSH, restart the sshd service.
    sudo service sshd restart
Pair the end user device. For more information, see Pairing the end user device.