Difference between revisions of "Google Authenticator"
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
Line 1: | Line 1: | ||
https://www.linuxsysadmintutorials.com/setup-sudo-with-google-authenticator-for-2-factor-authentication-on-centos-7.html | https://www.linuxsysadmintutorials.com/setup-sudo-with-google-authenticator-for-2-factor-authentication-on-centos-7.html | ||
+ | |||
yum install -y git autoconf automake make libtool pam-devel | yum install -y git autoconf automake make libtool pam-devel | ||
git clone https://github.com/google/google-authenticator | git clone https://github.com/google/google-authenticator | ||
Line 13: | Line 14: | ||
nano /etc/raddb/users | nano /etc/raddb/users | ||
<pre> | <pre> | ||
− | DEFAULT Group == | + | DEFAULT Group == “GG_S_GOOGLE_AUTH_DISABLED”, Auth-Type := Reject |
− | Reject | ||
Reply-Message = “Your account has been disabled.” | Reply-Message = “Your account has been disabled.” | ||
DEFAULT Auth-Type := PAM | DEFAULT Auth-Type := PAM | ||
</pre> | </pre> | ||
sed -i 's/^#\ \ \ \ \ \ \ pam/\ \ \ \ \ \ \ \ pam/' /etc/raddb/sites-enabled/default | sed -i 's/^#\ \ \ \ \ \ \ pam/\ \ \ \ \ \ \ \ pam/' /etc/raddb/sites-enabled/default | ||
+ | Comment out all lines in /etc/pam.d/radiusd then add the following | ||
+ | echo auth requisite pam_google_authenticator.so forward_pass >> /etc/pam.d/radiusd | ||
+ | echo auth required pam_lsass.so use_first_pass >> /etc/pam.d/radiusd |
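Review bot: The rewritten `DEFAULT Group ==` entry and the `Reply-Message` line under it use typographic quotes (“ ”), which the FreeRADIUS users file does not treat as string delimiters, so a copy-paste of this block will likely fail to parse or never match the group. Write them with ASCII quotes, `DEFAULT Group == "GG_S_GOOGLE_AUTH_DISABLED", Auth-Type := Reject`, and keep `Reply-Message` indented beneath it as a reply item. The new instruction to comment out every line of /etc/pam.d/radiusd leaves only the two appended `auth` lines, so confirm that the `account` check still passes, or keep an `account` line (Linux-PAM normally falls back to the `other` service for a module type with no entries). Both `echo … >>` lines append, so running them twice stacks duplicate modules; the page should say to run them once and to check the file afterwards.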
Revision as of 14:59, 15 August 2016
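# Build prerequisites for the google-authenticator PAM module.
yum install -y git autoconf automake make libtool pam-devel

# NOTE(review): this builds whatever the default branch holds at clone time.
# Check out a release tag you have reviewed before building and installing
# it as root.
git clone https://github.com/google/google-authenticator

# Build and install the PAM module. bootstrap.sh and configure are scripts in
# this directory; make is the system tool, so it is called without "./".
# The steps are chained with && so a failed step stops the sequence instead
# of installing a partial build.
cd google-authenticator/libpam &&
  ./bootstrap.sh &&
  ./configure &&
  make &&
  make install

# The module is expected under /usr/local/lib/security after the install;
# link it into /usr/lib64/security so PAM can load it by name
# (confirm both paths on the target system).
ln -s /usr/local/lib/security/pam_google_authenticator.so /usr/lib64/security/pam_google_authenticator.so

yum install freeradius

# Switch the account radiusd runs as to root.
# NOTE(review): running the RADIUS daemon as root widens the impact of any
# flaw in it. Presumably this is so the PAM module can read each user's
# secret file -- confirm it is required, and limit which clients can reach
# the server.
# NOTE(review): both patterns only match if radiusd.conf names "freerad";
# sed exits 0 even when nothing matched, so check the file afterwards
# (grep -E '^\s*(user|group) =' /etc/raddb/radiusd.conf).
sed -i 's/user = freerad/user = root/' /etc/raddb/radiusd.conf
sed -i 's/group = freerad/group = root/' /etc/raddb/radiusd.conf

# Interactive step: add the users-file entries shown next on the page.
nano /etc/raddb/users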
DEFAULT Group == "GG_S_GOOGLE_AUTH_DISABLED", Auth-Type := Reject
        Reply-Message = "Your account has been disabled."
DEFAULT Auth-Type := PAM
# Edit /etc/raddb/sites-enabled/default in place: a line starting with "#",
# seven spaces and "pam" is rewritten to eight spaces and "pam" (presumably
# this uncomments the pam module entry -- confirm against the file).
# The match depends on the exact spacing, and sed exits 0 even when nothing
# matched, so verify the line afterwards (grep -n 'pam' on the same file).
sed -i 's/^#\ \ \ \ \ \ \ pam/\ \ \ \ \ \ \ \ pam/' /etc/raddb/sites-enabled/default
Comment out all lines in /etc/pam.d/radiusd, then add the following:
# Append the two auth rules to the radiusd PAM service file.
#   1. pam_google_authenticator.so, requisite: a failure here ends the auth
#      stack at once. forward_pass makes it read password and code from one
#      prompt and hand the password part to the next module.
#   2. pam_lsass.so, required, with use_first_pass so it reuses that
#      forwarded password and does not prompt again.
# NOTE(review): pam_lsass.so is not installed by the steps on this page;
# presumably it comes from the host's directory-join package -- confirm.
# The redirect appends, so running this twice leaves duplicate rules;
# inspect /etc/pam.d/radiusd afterwards.
{
  printf '%s\n' 'auth requisite pam_google_authenticator.so forward_pass'
  printf '%s\n' 'auth required pam_lsass.so use_first_pass'
} >> /etc/pam.d/radiusd