Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- pam with mobile otp
- Gergely Buday
February 8, 2012, 1:18 pm
rate this thread
as there is no mailing list devoted to the mobile one-time-password
package, I have thought it was good to post my questions here.
pam_mobile_otp: passcode not accepted
messages in /var/log/messages, but that is all. Even I set max
maxdiff=36000 to auth, but to no avail.
I have set in /etc/pam.d/sshd the following:
auth sufficient /lib64/security/pam_mobile_otp.so not_set_pass
password required /lib64/security/pam_mobile_otp.so debug
account required /lib64/security/pam_mobile_otp.so debug
#auth required pam_sepermit.so
#auth substack password-auth
#auth include postlogin
#account required pam_nologin.so
#account include password-auth
#password include password-auth
## pam_selinux.so close should be the first session rule
#session required pam_selinux.so close
#session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be
executed in the user context
#session required pam_selinux.so open env_params
#session optional pam_keyinit.so force revoke
#session include password-auth
#session include postlogin
I have commented out all default settings as I wanted to experiment
with only mobile otp. Was it a mistake?
Otherwise, I followed the blog post and found that the epoch
difference between my mobile and the server is 11, which should be
acceptable even with the default time window.
So, anybody has a clue how to continue?
- Dag-Erling SmÃ¸rgrav
February 8, 2012, 1:38 pm
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum