Re: PAM SecurID from RSA
From: Julian Elischer (julian_at_vicor.com)
Date: Tue, 07 Oct 2003 14:31:01 -0700 To: Asif Iqbal <email@example.com>
We just run pam_radius and use the RSA alterred radiusd to do the SecureID
Asif Iqbal wrote:
> Has anyone tried to use PAM SecurID from RSA ?
> I compiled openssh-3.7.1p2 this way
> ./configure --disable-suid-ssh --with-privsep-user=sshd
> --with-privsep-path=/var/empty --without-prngd --without-rand-helper
> --with-ssl-dir=/usr/local/ssl --with-tcp-wrappers --with-pam
> And then use these two entries in sshd_config as recommened by RSA
> PAMAuthenticationViaKbdInt yes
> UsePrivilegeSeparation no
> Its not working for SecurID. This is what it says
> debug1: userauth-request for user iqbala service ssh-connection method none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for iqbala
> debug2: input_userauth_request: try method none
> Failed none for iqbala from 220.127.116.11 port 3067 ssh2
> debug1: userauth-request for user iqbala service ssh-connection method
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=iqbala devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> Failed keyboard-interactive for iqbala from 18.104.22.168 port 3067 ssh2
> Please let me know if anyone made it work. Also I don't like the idea that they
> recommeded not to use PrivSep. Whats anyone's thought on this ?