Could anyone help me for enable dual authentication , I did TOKEN only but I need user password plus token to implement!
thanks
Could anyone help me for enable dual authentication , I did TOKEN only but I need user password plus token to implement!
thanks
Would you able to help on pam
#sudo su -
#pbrun su -
Answers to Above
Configure sudo
If you require sudo, you must configure the sudo command to prompt users for the authentication methods
supported by the Cloud Authentication Service and RSA Authentication Manager.
Before you begin
Download and install the supported sudo version from https://www.sudo.ws.
Procedure
1. Change to the /etc/pam.d directory.
2. Open the sudo file.
3. Comment any lines that begin with auth.
4. Add the line:
auth required pam_securid.so
For pbrun I don't see a supported method in the install guide. can look up for any files related to pbrun from the /etc/pam.d directory ??
If you see it you could add the line auth required pam_securid.so and see if that helps (Not supported)
Note that making pam_securid.so work and integrate into the stack the way you want, is both:
-'PAM stacking 101' (a lot of general knowledge of pam stacking is on the web)
-but our RSA module is very linux version specific.
So, it would be key to know the exact version and build of operating system you are trying to configure PAM as well as the version of ldap connector (winbind, sssd...other)....if issues continue and you can't make it work.
However, sharing specific details about your infrastructure on a public forum may not be the best way to solve this, a support case is better if the situation is not resolvable with quick ideas.
open with file editor the /etc/pam.d/sshd file
add these 3 lines for auth
a) auth required pam_securid.so
b) auth sufficient pam_unix.so (for local unix accounts)
c) auth sufficient pam_sss.so (for LDAP accounts)
or
add these 2 lines for auth
a) auth required pam_securid.so
b) auth sub-stack password-auth
If the above doesn't resolve then you may provide us with the log file /var/log/secure and open a case for further investigation - refer 000036161 - How to open a technical support case via the Case Management portal on RSA Link