Changes between Initial Version and Version 1 of Ticket #11828, comment 21


Ignore:
Timestamp:
Mar 2, 2015, 2:25:08 AM (10 years ago)
Author:
Centinel

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #11828, comment 21

    initial v1  
    3131Now, 'otpusers' accounts are immediately bound by OTP, regardless of where they're logged in, and everyone else is exempt. Nice and simple.
    3232
    33 Here's my sudo PAM stack:
    34 
    35 {{{
    36 auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
    37 auth requisite pam_oath.so usersfile=/etc/users.oath window=30
    38 auth     include                    common-auth
    39 account  include                    common-account
    40 password include                    common-password
    41 session  include                    common-sessio
    42 }}}
    43 
    44 If you're not bound by OTP, you skip the second line; otherwise, you have to enter an OTP.
    45 
    46 I'll let jprostko verify this, but everything seems to be in order.
     33My sudo PAM stack is the same as I described in my previous post. I'll let jprostko verify this, but everything seems to be in order.