Hello Everybody!
Could please somebody share experience of using PAM module of PrivacyIDEA on the Centos 8 Stream with Python3?
I managed to make the pam_python.so from source but with a lot of difficulties and with editing of some source files. May be the easier way is present?
Probably somewhere are present the ideal /etc/pam.d/sshd config for this OS. The examples in the documentation describe the Debian branch as far as I understand, right?
Regards
Volodymyr.
Hi,
I recommend to use pam_radius, if possible.
The privacyIDEA PAM module is rather outdated.
Regards
Cornelius
Hi!
Thanks for the answer.
We are looking for a secure solution for linux ssh with OTP. We have tested pam_radius but it does not support TLS encryption which creates additional risks. I am aware that it’s possible to use additional solutions to securely communicate with RADIUS server (like radsecproxy) however it does not help much (I can describe possible cases explaining why).
So I would like to ask if there are any plans to rework privacyIDEA PAM module or provide some other solution that would use end-to-end encryption.
No, there are no such plans.
Since time is limited and noone is throwing money at it.
@Kseniya_Schwarz , can you please guide or explain why radsecproxy not helpful in this case ? if pam_radius request goes to radsecproxy servers (TLS) and then radsecproxy forward request to radius server using same host, my mean radsecproxy and radius server both on same host then i think it secures the communication ? . Please suggest.
theres a reworked pam module for privacyidea now: