Timeline for how to set different authentication requirements in pam policies for different users or groups?
Current License: CC BY-SA 4.0
7 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 11, 2021 at 21:26 | vote | accept | Joshua Ferguson | ||
| Mar 10, 2021 at 0:39 | answer | added | stefan0xC | timeline score: 3 | |
| Mar 9, 2021 at 16:54 | comment | added | Joshua Ferguson | People already have passwordless setups where FIDO2 is the only authentication method (I did it yesterday when testing config settings). What I'm trying to do is have that as an option for unprivileged accounts, but require 2 methods for admin accounts, which would rely on PAM having some way of being aware of users or groups, or accessing a root-only file which is | |
| Mar 9, 2021 at 16:50 | comment | added | Joshua Ferguson | Also, while the above line has the authfile stored in a user-agnostic location, most often YubiKey (setups) have the authfile stored at user level (same with Google Authenticator), so PAM already has the ability to check user-level stuff before the user has been fully authenticated. | |
| Mar 9, 2021 at 16:44 | comment | added | Joshua Ferguson | Authentication comes in 3 flavors; something you know (password) is only one of them. In the context of pam(_yubico/_u2f) has sort of support for something like this, with options to not require it if a user doesn't have 2FA set up. | |
| Mar 9, 2021 at 16:18 | comment | added | waltinator | How can you ask me a "special" authentication before you trust that I'm me (already authenticated)? | |
| Mar 9, 2021 at 14:35 | history | asked | Joshua Ferguson | CC BY-SA 4.0 |