Configuring Authentication Flow for an Endpoint
AuthNull provides a robust mechanism to define and manage the authentication flow for endpoints. This guide will walk you through the steps to configure the authentication flow for an endpoint user.
Steps to Configure Authentication Flow
- Navigate to Endpoints List: Access the list of endpoints from the ‘Privileged Access Management’ section.
- Access Authentication Flow Settings: Click on the gear icon in the actions column.
- Open Auth Flow Modal: Click on ‘Auth Flow’, and a modal will appear.
- Choose Authentication Factors:
  - Note: You can select either password or SSH as the first factor. However, DID will always be the second factor by default.
  - For the third factor, select “none”.
- Generate PAM.SO File: Click on ‘generate’. This action will produce a PAM.SO file tailored for your Linux machine.
- Download and Configure: Download the pam.so file and integrate it into your Linux environment.
Instructions for Configuring the Authentication Flow on the Endpoint
Sample PAM.SO file
#/etc/pam.d/sshd
#%PAM configuration for the Secure Shell service 1.0
auth required pam_google_authenticator.so nullok
auth required pam_permit.so
#/etc/ssh/sshd_config
PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods password publickey
According to this authentication flow, we need to make changes in the following files: /etc/pam.d/sshd and /etc/ssh/sshd_config.
For /etc/pam.d/sshd, add the following lines at the end of the file:
auth required pam_google_authenticator.so nullok
auth required pam_permit.so
For /etc/ssh/sshd_config, add the following lines at the end of the file:
PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods password publickey
Once done, your endpoint will have Password as the first factor, followed by SSH keys as the second factor and DID as the third factor for authentication.
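The check below is an added example, not part of the AuthNull guide or product: it parses the lines this guide appends and reports which factors a login can skip. sshd treats space-separated AuthenticationMethods lists as alternatives and comma-separated methods within one list as all required, and the nullok option lets pam_google_authenticator pass users who have no secret configured. The function names and the required-method set (password, publickey) are assumptions for illustration.

```python
"""Report SSH login factors that the appended sshd/PAM lines do not enforce."""

# Constructed sample input: the lines this guide appends to each file.
SSHD_CONFIG = """PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods password publickey
"""
PAM_SSHD = """auth required pam_google_authenticator.so nullok
auth required pam_permit.so
"""


def auth_method_lists(sshd_config):
    """Parse AuthenticationMethods into alternatives (lists of methods).

    Per sshd_config(5), whitespace separates alternative lists and commas
    join methods that must all succeed; the first occurrence of a keyword wins.
    """
    for raw in sshd_config.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "authenticationmethods":
            return [alt.split(",") for alt in parts[1].split()]
    return [["any"]]  # sshd default: any single enabled method is enough


def skippable_factors(sshd_config, required=("password", "publickey")):
    """Map each accepted alternative to the required methods it omits."""
    findings = {}
    for alt in auth_method_lists(sshd_config):
        present = {method.split(":", 1)[0] for method in alt}
        omitted = [r for r in required if r not in present]
        if omitted:
            findings[",".join(alt)] = omitted
    return findings


def pam_nullok_modules(pam_conf):
    """Return auth modules carrying nullok (users without a secret pass)."""
    hits = []
    for raw in pam_conf.splitlines():
        fields = raw.split()
        if fields[:1] == ["auth"] and "nullok" in fields:
            hits += [f for f in fields if f.endswith(".so")]
    return hits


if __name__ == "__main__":
    print("alternatives:", auth_method_lists(SSHD_CONFIG))
    print("skippable:", skippable_factors(SSHD_CONFIG))
    print("nullok modules:", pam_nullok_modules(PAM_SSHD))
```

An empty result from skippable_factors means every accepted alternative requires both methods, as a comma-separated value such as password,publickey does.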