Page created: 3 Jun 2020
|
Page updated: 14 Dec 2020
| 1 min read
PingId Product
This is an example configuration of PingID SSH for PAM on Solaris.
Note:
This assumes that you specified --prefix=/usr in the configure
command.
-
Edit the pam.conf file.
sudo vi /etc/pam.conf -
Replace these lines:
with these lines:# # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth required pam_unix_auth.so.1# # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_cred.so.1 other auth requisite pam_unix_auth.so.1 other auth required pam_pingid.so -
If you want to apply PingID on SSH, edit the sshd_config
file.
sudo vi /etc/ssh/sshd_config-
Set the following configurations:
- PAMAuthenticationViaKBDInt to yes
- ChallengeResponseAuthentication to yes
- PasswordAuthentication to no
-
Set the following configurations:
-
Configure PAM for public key authentication by adding the following line to the
SSHD configuration file, sshd_config.
AuthenticationMethods publickey,keyboard-interactive -
Remove pam_unix.so from the PAM configuration for SSHD to
prevent PingID from displaying a password prompt for the keyboard-interactive
authentication method.
Note:To check the OpenSSH version, run:
ssh -V -
To apply the changes and activate PingID multi-factor authentication (MFA)
integration with SSH, restart the sshd service.
sudo service sshd restart