PAM-Console

Home
StrongKey FIDO Server

Release Notes
Introduction
Installation
Administration
How To ...
Troubleshooting
Developer
Demos
- TLS ClientAuth + FIDO
- Back
MFA Implementations

Configuring PAM for use with TrustKey

When a site requires Administrators to authenticate to a credential on the console of the Tellaro appliance, StrongKey supports the use of MFA by configuring the Pluggable Authentication Module (PAM) in Linux to support this capability. This section describes how to to configure PAM for use with TrustKey’s TrustKey G310 Security Key on the Rocky 9.1 operating system.

Prerequisites

Component	Version
Operating System	Rocky Linux 9.1
Kernel	5.14.0-162.6.1.el9_1.x86_64

FIDO Clients and Libraries	Version
pam-u2f	1.3.0
pamu2fcfg	1.3.0
libcbor	0.10
libfido2	1.12

Configuring the Security Keys

The following sections describe how to configure the Idem Key Plus for use as a second factor to authenticating to a privileged credential on the Tellaro Console by assigning a PIN to it. This is only required if you want to enforce PIN for Linux login.

Configure TrustKey G310
Configuring the Linux Authentication System
Requiring a Security Key to authenticate Administrators
Testing MFA with Security Keys