User Tools

Site Tools


howtos:google_authenticator

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:google_authenticator [d/m/Y H:i] (current)
Line 1: Line 1:
 +Get the software:
 +
 +<code>
 +apt-get install gcc mercurial libpam0g-dev -y
 +</code>
 +
 +Compile the PAM module:
 +
 +<code>
 +cd google-authenticator/libpam/
 +make install
 +</code>
 +
 +Now apply the PAM module to one of your authentication mechanisms (sshd, ppp, samba or what ever you have in /etc/pam.d):
 +
 +<code>
 +vi /etc/pam.d/sshd
 +</code>
 +
 +and append this to the file sshd:
 +
 +<file>
 +auth required pam_google_authenticator.so
 +</file>
 +
 +
 +You can disable the 2-factor login by appending these two lines:
 +
 +<file>
 +auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
 +auth       required     pam_google_authenticator.so
 +</file>
 +
 +In the file /etc/security/access-local.conf you can add the following to skip 2-factor for the network 10.0.0.0/24:
 +
 +<file>
 ++ : ALL : 10.0.0.0/24
 ++ : ALL : LOCAL
 +- : ALL : ALL
 +</file>
 +
  
howtos/google_authenticator.txt · Last modified: d/m/Y H:i (external edit)