Re: [OATH-Toolkit-help] pam_oath with openssh problem in CentOS6.0

[Simon Josefsson]

谭中一 <address@hidden> writes:

> Hi,all
>
> I seek a solution for ssh with otp，then I found oath toolkit.
>
>      My machine : CentOS6.0(in Vbox4.1.6),OpenSSH_5.3p1, OpenSSL 1.0.0-fips,
>
> follow the README, I Building and installation
> oath-toolkit-1.10.4<http://download.savannah.gnu.org/releases/oath-toolkit/oath-toolkit-1.10.4.tar.gz>
> .
> I had successful configure the su and login use pam_oath two
> factor authentication.
> but when I configure the *ssh* and login use pam_oath, I can't pass the
> authentication.
>
>      this is my /etc/pam.d/sshd content.

Hello and thanks for your interest!  Are you sure that your OpenSSH uses
PAM at all?  Make sure /etc/ssh/sshd_config has 'UsePAM yes' in it.

/Simon

> ====================================================
>
> auth requisite pam_oath.so usersfile=/etc/users.oath window=20 digits=6
> #%PAM-1.0
> auth       required     pam_sepermit.so
> auth       include      password-auth
> account    required     pam_nologin.so
> account    include      password-auth
> password   include      password-auth
> # pam_selinux.so close should be the first session rule
> session    required     pam_selinux.so close
> session    required     pam_loginuid.so
> # pam_selinux.so open should only be followed by sessions to be executed in
> the user context
> session    required     pam_selinux.so open env_params
> session    optional     pam_keyinit.so force revoke
> session    include      password-auth。
> ===================================================
> And I have other machine which is Ubuntu10.04(also in Vbox4.1.6)，the
> pam_oath.so works very well both in *su* and *ssh.*
> So I think there maybe some wrongs in the CentOS /etc/pam.d/sshd.
>
> I am look for your helping, thanks!