howtos:google_authenticator
Differences
This shows you the differences between two versions of the page.
| — |
howtos:google_authenticator [d/m/Y H:i] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | Get the software: | ||
| + | |||
| + | <code> | ||
| + | apt-get install gcc mercurial libpam0g-dev -y | ||
| + | </code> | ||
| + | |||
| + | Compile the PAM module: | ||
| + | |||
| + | <code> | ||
| + | cd google-authenticator/libpam/ | ||
| + | make install | ||
| + | </code> | ||
| + | |||
| + | Now apply the PAM module to one of your authentication mechanisms (sshd, ppp, samba or what ever you have in /etc/pam.d): | ||
| + | |||
| + | <code> | ||
| + | vi /etc/pam.d/sshd | ||
| + | </code> | ||
| + | |||
| + | and append this to the file sshd: | ||
| + | |||
| + | <file> | ||
| + | auth required pam_google_authenticator.so | ||
| + | </file> | ||
| + | |||
| + | |||
| + | You can disable the 2-factor login by appending these two lines: | ||
| + | |||
| + | <file> | ||
| + | auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf | ||
| + | auth required pam_google_authenticator.so | ||
| + | </file> | ||
| + | |||
| + | In the file /etc/security/access-local.conf you can add the following to skip 2-factor for the network 10.0.0.0/24: | ||
| + | |||
| + | <file> | ||
| + | + : ALL : 10.0.0.0/24 | ||
| + | + : ALL : LOCAL | ||
| + | - : ALL : ALL | ||
| + | </file> | ||
| + | |||
howtos/google_authenticator.txt · Last modified: d/m/Y H:i (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
