Re: PAM SecurID from RSA

• Previous message: Asif Iqbal: "Re: PAM SecurID from RSA"
• In reply to: Asif Iqbal: "PAM SecurID from RSA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 07 Oct 2003 14:31:01 -0700
To: Asif Iqbal <iqbala@qwestip.net>

We just run pam_radius and use the RSA alterred radiusd to do the SecureID
work..

Asif Iqbal wrote:
> Has anyone tried to use PAM SecurID from RSA ?
>
> I compiled openssh-3.7.1p2 this way
>
> ./configure --disable-suid-ssh --with-privsep-user=sshd
> --with-privsep-path=/var/empty --without-prngd --without-rand-helper
> --with-ssl-dir=/usr/local/ssl --with-tcp-wrappers --with-pam
>
> And then use these two entries in sshd_config as recommened by RSA
>
> PAMAuthenticationViaKbdInt yes
> UsePrivilegeSeparation no
>
> Its not working for SecurID. This is what it says
>
> debug1: userauth-request for user iqbala service ssh-connection method none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for iqbala
> debug2: input_userauth_request: try method none
> Failed none for iqbala from 1.2.3.4 port 3067 ssh2
> debug1: userauth-request for user iqbala service ssh-connection method
> keyboard-interactive
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=iqbala devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> Failed keyboard-interactive for iqbala from 1.2.3.4 port 3067 ssh2
>
> Please let me know if anyone made it work. Also I don't like the idea that they
> recommeded not to use PrivSep. Whats anyone's thought on this ?
>
> Thanks

• Previous message: Asif Iqbal: "Re: PAM SecurID from RSA"
• In reply to: Asif Iqbal: "PAM SecurID from RSA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]