Hi all,
I set up a privacyIDEA server for testing purposes and I am doing 2FA for ssh and sudo on a test machine using pam_privacyidea:
all works well, with a variety of tokens (TOTP, mail, questionnaire).
BUT: it only works when I use ‘nossl’ in my pam config:
auth [success=1 default=ignore] pam_privacyidea.so url=https://my.privacyidea.server sendEmptyPassword nossl debug
If I remove the ‘nossl’, I get:
Jun 11 13:31:08 maxim pam_privacyidea[2091449]: pam_privacyidea(sshd:auth): Unable to send request to the privacyIDEA server. Error 60
Since the ‘nossl’ means (according to the GitHub page) “Disable SSL certificate check”, I can only assume that pam_privacyidea is not able to verify the server certificate.
I use a certificate issued by Let's Encrypt for https://my.privacyidea.server. Furthermore, when accessing the https://my.privacyidea.server web interface, the certificate checks out correctly (in the web browser).
Any idea what could be the problem?
Best,
Hp