Thursday, August 30, 2018

How to set up a user using Google Authenticator PAM module

Run the google-authenticator binary to create a new secret key in your home directory. These settings will be stored in~/.google_authenticator.
If your system supports the "libqrencode" library, you will be shown a QRCode that you can scan using the Android "Google Authenticator" application.
If your system does not have this library, you can either follow the URL that google-authenticator outputs, or you have to manually enter the alphanumeric secret key into the Android "Google Authenticator" application.
In either case, after you have added the key, click-and-hold until the context menu shows. Then check that the key's verification value matches (this feature might not be available in all builds of the Android application).
Each time you log into your system, you will now be prompted for your TOTP code (time based one-time-password) or HOTP (counter-based), depending on options given to google-authenticator, after having entered your normal user id and your normal UNIX account password.
During the initial roll-out process, you might find that not all users have created a secret key yet. If you would still like them to be able to log in, you can pass the "nullok" option on the module's command line:
auth required nullok
See more:

How To Set Up Multi-Factor Authentication for SSH on Ubuntu

Featured Post

Will <b>blockchain</b> revolutionize the way we vote?