google / google-authenticator-libpam

Apache License 2.0

Google-Authenticator openSUSE #185

Closed ghost closed 3 years ago

ghost commented 3 years ago

I am currently trying to achieve the following on openSUSE:

1. Request User Password (LDAP)
2. Query 2FA-Token (Google-Auth)

(see picture of how I want it to be)

Under Debian it works, but under openSUSE it only works if the order is the other way round, i.e. first token, then password. If I change the order in /etc/pam.d/sshd so that the password is asked first, the Google-Authenticator is skipped. What is the reason for this, or what am I doing wrong?

For better understanding I have posted my /etc/ssh/sshd_config and /etc/pam.d/sshd below. I am using openSUSE LEAP 15.2 and would appreciate helpful answers!

example

sshd_config: (only changes)

```
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods keyboard-interactive
```

sshd:

```
#%PAM-1.0
auth required pam_google_authenticator.so [authtok_prompt=token: ]
auth requisite pam_nologin.so
auth include common-auth
auth include password-auth
account requisite pam_nologin.so
account include common-account
password include common-password use_first_pass
session required pam_loginuid.so
session include common-session
session optional pam_lastlog.so silent noupdate showfailed
```
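An added example, not part of the original issue or the project's code: a Python check that expands the `include`/`substack` lines of a PAM service file and lists modules that are never called once an earlier `sufficient` (or `[success=done ...]`) entry succeeds. The password-first `sshd` ordering and the `common-auth` content are constructed samples (the poster's real `common-auth` is not shown on the page), and the function names are hypothetical.

```python
import re

# Constructed sample files for illustration (assumption: not the poster's
# real common-auth, which is not shown on the page).
FILES = {
    "sshd": (
        "#%PAM-1.0\n"
        "auth requisite pam_nologin.so\n"
        "auth include common-auth\n"
        "auth required pam_google_authenticator.so [authtok_prompt=token: ]\n"
    ),
    "common-auth": (
        "auth required pam_env.so\n"
        "auth sufficient pam_unix.so try_first_pass\n"
        "auth required pam_ldap.so use_first_pass\n"
    ),
}

# type, control (word or [bracketed]), module path
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def flatten(name, files, mgmt="auth", scope=(), seen=()):
    """Expand include/substack; return [(scope, file, control, module)]."""
    if name in seen:
        raise ValueError("include loop at " + name)
    out = []
    for raw in files[name].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != mgmt:
            continue
        control, module = m.group(2), m.group(3)
        if control in ("include", "substack"):
            # 'done' inside a substack ends only that substack: own scope
            sub = scope + (module,) if control == "substack" else scope
            out += flatten(module, files, mgmt, sub, seen + (name,))
        else:
            out.append((scope, name, control, module))
    return out

def skippable(stack):
    """Map module -> earlier entry whose success ends the stack before it."""
    hits = {}
    for i, (scope, src, control, module) in enumerate(stack):
        if control == "sufficient" or "success=done" in control:
            for later_scope, _, _, later in stack[i + 1:]:
                if later_scope[:len(scope)] == scope:
                    hits.setdefault(later, f"{module} ({control}) in {src}")
    return hits

if __name__ == "__main__":
    for mod, why in skippable(flatten("sshd", FILES)).items():
        print(f"{mod} is not reached when {why} succeeds")
```

To run it against a real system, load the files under /etc/pam.d into the `FILES` mapping in place of the constructed samples.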