Are there the best practice for installation and using SSHD with PAM module of privacyIDEA on Centos8Stream?

Hello Everybody!

Could please somebody share experience of using PAM module of PrivacyIDEA on the Centos 8 Stream with Python3?
I managed to make the pam_python.so from source but with a lot of difficulties and with editing of some source files. May be the easier way is present?
Probably somewhere are present the ideal /etc/pam.d/sshd config for this OS. The examples in the documentation describe the Debian branch as far as I understand, right?

Regards
Volodymyr.

Hi,

I recommend to use pam_radius, if possible.
The privacyIDEA PAM module is rather outdated.
Regards
Cornelius

Hi!
Thanks for the answer.
We are looking for a secure solution for linux ssh with OTP. We have tested pam_radius but it does not support TLS encryption which creates additional risks. I am aware that it’s possible to use additional solutions to securely communicate with RADIUS server (like radsecproxy) however it does not help much (I can describe possible cases explaining why).
So I would like to ask if there are any plans to rework privacyIDEA PAM module or provide some other solution that would use end-to-end encryption.

No, there are no such plans.
Since time is limited and noone is throwing money at it.