User Tools

Site Tools


howtos:google_authenticator

Get the software:

apt-get install gcc mercurial libpam0g-dev -y

Compile the PAM module:

cd google-authenticator/libpam/
make install

Now apply the PAM module to one of your authentication mechanisms (sshd, ppp, samba or what ever you have in /etc/pam.d):

vi /etc/pam.d/sshd

and append this to the file sshd:

auth required pam_google_authenticator.so

You can disable the 2-factor login by appending these two lines:

auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth       required     pam_google_authenticator.so

In the file /etc/security/access-local.conf you can add the following to skip 2-factor for the network 10.0.0.0/24:

+ : ALL : 10.0.0.0/24
+ : ALL : LOCAL
- : ALL : ALL
howtos/google_authenticator.txt · Last modified: 02/12/2018 20:34 by 127.0.0.1