Product Documentation

    Configuration the Linux Authentication System

    In this section, the Tellaro’s PAM configuration is modified to require the strongauth user to authenticate on the Console with:

    • The credential’s Linux password; and
    • Security Key with USB Type -A connector

     

    Steps

    1. Log into the server as root user and open a new shell window

    2. Remove the pre-installed libcbor and libfido2 libraries

      shell> rpm -ev --nodeps libcbor
shell> rpm -ev --nodeps libfido2

    3. Download libcbor 0.10.2 from the link below

      https://github.com/PJK/libcbor/archive/refs/tags/v0.10.2.zip

    4. Extract the downloaded zip:

      shell> unzip libcbor-0.10.2.zip
shell> mv libcbor-0.10.2 libcbor
    5. Install prerequisites for building libcbor 
      shell> yum install gcc
shell> yum install g++

    6. Build libcbor with Position Independent Code (PIV) set to on.

      shell> cmake -DCMAKE_BUILD_TYPE=Release libcbor -DCMAKE_POSITION_INDEPENDENT_CODE=ON
shell> make
shell> make install

      This will install the compiled files in ‘/usr/local/lib64’ directory.

    7. Download libfido2 1.12 from the link below

      https://developers.yubico.com/libfido2/Releases/libfido2-1.12.0.tar.gz

    8. Extract the downloaded distribution: 

      shell> tar xvf libfido2-1.12.0.tar.gz
    9. Install prerequisites for building libfido2 
      shell> yum install zlib-devel
shell> yum install openssl-devel

    10. Change directory into the extracted folder and build libfido2:

      shell> cd libfido2-1.12.0
shell> cmake -B build
shell> make -C build
shell> make -C build install

      This will install the compiled files in ‘/usr/local/lib64’ directory.

    11. Create symbolic links to the newly compiled libraries in the ‘/usr/lib64’ folder:

      shell> ln -s /usr/local/lib64/libfido2.so.1.12.0 /usr/lib64/libfido2.so.1
shell> ln -s /usr/local/lib64/libfido2.so.1 /usr/lib64/libfido2.so

    12. Add a group named mfausers to /etc/group

      shell> groupadd mfausers

    13. Add the strongauth account to the mfausers group

      shell> gpasswd --a strongauth mfausers

    14. Create an empty file called /var/log/pamfido.log

      shell> touch /var/log/pamfido.log

    15. Make the pamfido.log file write-able by the group

      shell> chmod 664 /var/log/pamfido.log