Hi,
Am looking for a config that would allow me to log on to a Red Hat 7 server using SSSD Active Directory name and password, then be asked for a SecurID token. We have this working on Windows client flawlessly but can't find a working config using the SecurID and PAM. Any suggestions?
Cheers in advance
Head embedded in wall
Hi Ken,
The SecurID Linux PAM Agent works fine alongside sssd to provide 2FA/MFA for AD account authentication on Linux. First configure sssd (join the AD Domain using realmd) to get the sssd / AD Authentication working. See Red Hat's Windows Integration Guide for information on configuring sssd. Then install the SecurID Access Linux PAM Agent following the RSA SecurID Linux PAM Agent Installation and Configuration Guide for your Linux distribution.
Once both sssd and the SecurID Linux PAM Agent are installed, edit the PAM configuration files (/etc/pam.d) to enable SecurID for the desired services.
You can choose to require AD Username + Password + SecurID Authenticator:
....
auth substack password-auth
auth required pam_securid.so
....
Or AD Username + SecurID Access Authenticator:
....
#auth substack password-auth
auth required pam_securid.so
....
Note: Once sssd is working, the PAM auth setting "password-auth" = AD Password authentication.
I tested this configuration using Win2018 AD, CentOS 7.5, and the RSA SecurID Linux PAM Agent v8.1.
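
Added example (not part of the reply above and not RSA's or Red Hat's code): a small checker that reads the auth lines of a PAM service file and reports which of the two variants above is actually enforced. The function names and sample stacks are constructed for illustration; the `include` warning relies on the documented pam.conf(5) behaviour that a "done" result inside an included file ends the whole stack, while inside a `substack` it ends only the substack.

```python
import re

ENFORCING = {"required", "requisite"}  # controls under which a failed token fails the stack

def parse_auth_lines(text):
    """Yield (control, target) for every active 'auth' line of a PAM service file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1).lower() == "auth":
            yield m.group(2), m.group(3)

def audit(text):
    """Return (mode, warnings) describing which factors the auth stack enforces."""
    password = token = include_seen = False
    warnings = []
    for control, target in parse_auth_lines(text):
        if target == "password-auth" and control in ("substack", "include"):
            password = True
            include_seen = include_seen or control == "include"
        elif target.endswith("pam_securid.so"):
            if control in ENFORCING:
                token = True
                if include_seen:
                    warnings.append("password-auth is pulled in with 'include': a "
                                    "'sufficient' success inside it can end the whole "
                                    "stack before pam_securid.so runs; use 'substack'")
            else:
                warnings.append(f"pam_securid.so is '{control}', so the token is not mandatory")
    mode = {(True, True): "password+securid", (False, True): "securid-only",
            (True, False): "password-only", (False, False): "none"}[(password, token)]
    return mode, warnings

# Constructed sample stacks: the first two are the variants from the reply above.
SAMPLES = {
    "both":    "auth substack password-auth\nauth required pam_securid.so\n",
    "token":   "#auth substack password-auth\nauth required pam_securid.so\n",
    "include": "auth include password-auth\nauth required pam_securid.so\n",
    "weak":    "auth substack password-auth\nauth sufficient pam_securid.so\n",
}

if __name__ == "__main__":
    for name, stack in SAMPLES.items():
        print(name, *audit(stack), sep=" | ")
```

To check a live host, pass the contents of the edited service file (for example the one under /etc/pam.d for sshd) to `audit()` instead of the samples.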