[OmniOS-discuss] OmniOS r151020 is now out!
Andy Fiddaman
omnios at citrus-it.net
Sun Nov 6 13:15:11 UTC 2016
On Sun, 6 Nov 2016, Olaf Marzocchi wrote:
; Hi,
; I started updating my server, therefore OpenSSH first. After that one I
; restarted the server.
; I can login with my pass but two factor authentication doesn't work anymore,
; I'm never asked for it.
I've just checked one of my servers that uses 2FA and I have both
sshd-kbdint and sshd at the end of pam.conf. Perhaps you need both?
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth required pam_unix_cred.so.1
sshd-kbdint auth required pam_unix_auth.so.1
sshd-kbdint auth required /opt/CITotp/lib/pam_mobile_otp.so
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth required pam_unix_cred.so.1
sshd auth required pam_unix_auth.so.1
sshd auth required /opt/CITotp/lib/pam_mobile_otp.so
Debug output from sshd says:
debug3: /etc/ssh/sshd_config:100 setting UsePAM yes
/etc/ssh/sshd_config line 100: ignoring UsePAM option value. This option is always on.
debug3: PAM service is sshd-none
debug3: PAM service is sshd-pubkey
debug3: PAM service is sshd-kbdint
--
Citrus IT Limited | +44 (0)870 199 8000 | enquiries at citrus-it.co.uk
Rock House Farm | Green Moor | Wortley | Sheffield | S35 7DQ
Registered in England and Wales | Company number 4899123
More information about the OmniOS-discuss
mailing list