Documents in PAM

PAM & OpenOTP

How to install and configure PAM OpenOTP plugin to enable Multifactor authentication on Linux machines 1. Background On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules, and retrieving information about users (or even groups, host names, …) is done through another mechanism, called the Name Service Switch.

Client Policies

How to create a client policy This documentation will explain you how to configure a client policy on WebADM. 1. What is a client policy ? A Client Policy provide per-client application access control and customized configurations. The Client Policy objects are also used to customize the behavior of a client application (ex. a VPN server using OpenOTP Authentication Server). You can create a client policy object having the name of a Web Service’s client ID.

SpanKey SSH Key Management

1. Workflow SpanKey is a centralised SSH key server for OpenSSH, which stores and maintains SSH public keys in a centralised LDAP directory (i.e. Active Directory). With SpanKey one can distribute, renew and revoke SSH keys without needing to maintain our touch the authorized keys files. Instead, SpanKey agent is deployed on hosts and logging in user public keys are then fetched ondemand. SpanKey server provides per-host access controls with “server tagging”, LDAP access groups, central Web based management with RCDevs WebADM console, support for shared account and privileged (master keys) access, use of recovery keys as well as automated public key renewal workflow (via Web Self-Services).