AnsweredAssumed Answered

NEED enable dual authentication ( password and RSA token both enable in linux )

Question asked by EMDADUL HAQUE on Jan 16, 2020
Latest reply on Jan 22, 2020 by Edward Davis

Like • Show 0 Likes0
Comment • 4

Could anyone help me for enable dual authentication , I did TOKEN only but I need user password plus token to implement!

thanks

No one else has this question

Outcomes

4 Replies

Sriranga Prasanna Jan 16, 2020 2:49 PM
Mark Correct
Correct Answer
open with file editor the /etc/pam.d/sshd file

add these 3 lines for auth
a) auth required pam_securid.so
b) auth sufficient pam_unix.so (for local unix accounts)
c) auth sufficient pam_sss.so (for LDAP accounts)

or
add these 2 lines for auth
a) auth required pam_securid.so
b) auth sub-stack password-auth

If the above doesn't resolve then you may provide us with the log file /var/log/secure and open a case for further investigation - refer 000036161 - How to open a technical support case via the Case Management portal on RSA Link
Like • Show 0 Likes0
Actions
EMDADUL HAQUE Jan 21, 2020 11:10 AM
Mark Correct
Correct Answer
powerbroker (elevate account ) what to change on pam, there is a file called powerbroker witj LDAP
Like • Show 0 Likes0
Actions
- Sriranga Prasanna @ EMDADUL HAQUE on Jan 22, 2020 8:06 AM
  Mark Correct
  Correct Answer
  Would you able to help on pam
  #sudo su -
  #pbrun su -
  
  Answers to Above
  
  Configure sudo
  If you require sudo, you must configure the sudo command to prompt users for the authentication methods
  supported by the Cloud Authentication Service and RSA Authentication Manager.
  Before you begin
  Download and install the supported sudo version from https://www.sudo.ws.
  Procedure
  1. Change to the /etc/pam.d directory.
  2. Open the sudo file.
  3. Comment any lines that begin with auth.
  4. Add the line:
  auth required pam_securid.so
  
  For pbrun I don't see a supported method in the install guide. can look up for any files related to pbrun from the /etc/pam.d directory ??
  If you see it you could add the line auth required pam_securid.so and see if that helps (Not supported)
  Like • Show 0 Likes0
  Actions
  - Edward Davis @ Sriranga Prasanna on Jan 22, 2020 8:50 AM
    Mark Correct
    Correct Answer
    Note that making pam_securid.so work and integrate into the stack the way you want, is both:
    
    -'PAM stacking 101' (a lot of general knowledge of pam stacking is on the web)
    -but our RSA module is very linux version specific.
    
    So, it would be key to know the exact version and build of operating system you are trying to configure PAM as well as the version of ldap connector (winbind, sssd...other)....if issues continue and you can't make it work.
    
    However, sharing specific details about your infrastructure on a public forum may not be the best way to solve this, a support case is better if the situation is not resolvable with quick ideas.
    1 person found this helpful
    Like • Show 1 Like1
    Actions

NEED enable dual authentication ( password and RSA token both enable in linux )

Outcomes

Related Content

Recommended Content