Comments (5)
This configuration works on Cent 6,7 & 8, SLES 11, 12 and 15 SP4. With SLES 15SP5 my lecture file no longer displays.
Unfortunately I don't run SUSE and can't check this.
If it works everywhere else, then the problem is likely changes in the SUSE PAM system. There's nothing in the pam_radius_auth module about sudo, or displaying files.
from pam_radius.
Here is the package changes from SLES15 SP4 to SP5
SLE 15 SP5 Package Changes
- pam-modules: 12.1-3.17 => 12.1-150000.5.3.2
- pam: 0.8.16-1.1 => 0.8.16-150300.3.3.1
- sudo: 1.9.9-150400.2.5 => 1.9.12p1-150500.5.1
from pam_radius.
Looking thru the SUDO change logs. in version 1.9.10
"The sudo lecture is now displayed immediately before the password prompt. As a result, sudo will no longer display the lecture unless the user needs to enter a password. Authentication methods that don't interact with the user via a terminal do not trigger the lecture."
So why would the prompt option not display?
pam_radius_auth: _pam_parse: argv[0] = 'prompt=2FA'
from pam_radius.
As I said, this is an issue with the underlying PAM / OS. The pam_radius_auth code is the same across all platforms. if the behavior is different on one platform, then the issue is on that platform.
And also, I don't run SLES, so I have no way of debugging this. I'm not even sure how to start debugging it, as (again) the issue is in the underlying PAM / sudo / OS somewhere.
I don't see how I can make any changes to the pam_radius_auth module which will fix an issue with the underlying OS.
from pam_radius.
So the "prompt" option for pam_radius_auth.so module cannot be used to display a message such as "Waiting on 2FA" to the user unless they first prompted for their password when using this module with sudo authentication. I was using 2 factor as an authentication mechanism in lue of password when requesting elevated privileges via sudo access.
from pam_radius.
Related Issues (20)
- DISA STIG'd RHEL8 Cannot unlock vlock screen lock with RADIUS authentication HOT 3
- Abort when configuration file is empty HOT 5
- FR: Override Access-challenge text HOT 4
- rlm_pam HOT 1
- About Radius Server Returned time out problem HOT 1
- Radius Access-Challenge received with State or Reply-Message Missing HOT 1
- PAM Radius + OVPN HOT 1
- MSChap/MSChapv2 support in PAM module HOT 1
- The "source_ip" field should also support an interface name HOT 4
- Change port for pam account radius request HOT 2
- pam_radius version 2 not woking with multi factor authentication/2FA HOT 24
- pap: ERROR: Cleartext password does not match "known good" password HOT 1
- PAM authentication thread crash when using built module to disable IPV6 HOT 3
- ocserv rewrite framed ip from radius HOT 2
- add environment variable attribute Framed Route
- Question abou Privileg level HOT 1
- Getting Management-Privilege-Level
- Getting cisco-avpair from radius server response HOT 1
- Documentation of 'try_first_pass' PAM option seems inaccurate
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam_radius.