Hello,
After I recently updated to the latest 2.6.12 packages on a Rocky Linux 8 installation (liboath, oathtool, pam_oath), the 2FA configuration for SSH that uses the pam_oath module stopped working correctly. This host has SELinux set to enforcing mode by default, and when I set the SELinux mode to 'permissive', the 2FA configuration for SSH works.
I'm not well versed with SELinux, so I'm doing some research now, but I figured I'd post something here in case someone has some insight on this.
This is the line added to /etc/pam.d/sshd on this host for pam_oath.so:
---
auth [success=ok new_authtok_reqd=ok default=die] pam_oath.so usersfile=/etc/liboath/users.oath window=10 digits=6
---
Thanks in advance, and if you need any further information, please let me know.
Paul