Follow

How do I set up GDM on GNOME for AuthAnvil Two Factor Auth Authentication using PAM RADIUS?

Configuring GDM to support RADIUS Authentication

Step 1 – Run apt-get install libpam-radius-auth to install the PAM Radius Authentication Module (pam_radius_auth).

Step 2 – Configure GDM for RADIUS Authentication by editing /etc/pam.d/gdm and adding the following line below the line #%PAM-1.0:

auth        required     /lib/security/pam_radius_auth.so

Note: If you need more verbose output, you can add the word debug to this line so that it reads:

auth        required     /lib/security/pam_radius_auth.so debug

Note: If you want the system to fail over to regular password authentication if the network connection is down, you can add the word localifdown to this line so that it reads: (Note that this represents a possible attack vector)

auth        required     /lib/security/pam_radius_auth.so localifdown

Note: If you comment out the following line, the system will not attempt to authenticate via standard Un*x password authentication, and use RADIUS Authentication via AuthAnvil only.

@include common-auth

Step 3 – Edit the file /etc/pam_radius_auth.conf (/etc/raddb/server on some systems) and under the line:

127.0.0.1       secret      1

Add the line:

IP_address(:port)      shared_secret      timeout

Where IP_address is the IP address (and port, if using a RADIUS port other than the port defined in /etc/services) of your RADIUS server, shared_secret is the shared secret and timeout is the timeout value in seconds.

Step 4 – Log out of the system and return to the GDM Authentication Prompt 

Step 5 – Enter your AuthAnvil PIN + OTP in the password field and click Log in. Shortly, a second password field will appear. Enter your regular Linux password in this field and click Log In. You will be delivered to your desktop.

Note: This configuration only protects GDM. A terminal logon or remote logon will still use the regular Linux password only. Due to the configurable nature of PAM, authentication on any login method can be strengthened by editing the appropriate configuration files.

 

Other Configurations

For assistance with other configurations, including manually building and configuring the module, check out FreeRADIUS.org’s usage guide for the PAM Authentication and Accounting module. This guide includes a sample configuration file for other configurations, as well as other usage instructions.


Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk