PAM-Console

Home
StrongKey FIDO Server

Release Notes
Introduction
Installation
Administration
How To ...
Troubleshooting
Developer
Demos
- TLS ClientAuth + FIDO
- Back
MFA Implementations

Configuring PAM for use with Idem Key Plus

When a site requires Administrators to authenticate to a credential on the console of the Tellaro appliance, StrongKey supports the use of MFA by configuring the Pluggable Authentication Module (PAM) in Linux to support this capability. This section describes how to to configure PAM for use with GoTrust’s Idem Key Plus on the Rocky 9.1 operating system.

Prerequisites

Component	Version
Operating System	Rocky Linux 9.1
Kernel	5.14.0-162.6.1.el9_1.x86_64

FIDO Clients and Libraries	Version
pam-u2f	1.3.0
pamu2fcfg	1.3.0
libcbor	0.10
libfido2	1.12

Configuring the Security Keys

The following sections describe how to configure the Idem Key Plus for use as a second factor to authenticating to a privileged credential on the Tellaro Console by assigning a PIN to it. This is only required if you want to enforce PIN for Linux login.

Configure Idem Key Plus
Configuring the Linux Authentication System
Requiring a Security Key to authenticate Administrators
Testing MFA with Security Keys