On Thu, May 09, 2019 at 07:55:31AM -0400, Nerigal wrote:
> Hi,
>
> I could make sssd work fine with domain authentication with Radius
> server + Azure MFA through SSH gateway using password
>
> So the user enter his creds and then get to prompt on his phone to
> accept or reject the authentica
Hi,
keyboard-interactive is for OTP only like the old google authenticator
I use AMFA from Azure which require no code to be typed at screen
So this option is irrelevant to the problem
The problem is that sssd skip the pam stack with ssh key, i think it
could be a good plus value to add an
On Thu, May 09, 2019 at 09:45:46PM -0400, Nerigal wrote:
> Hi,
>
> keyboard-interactive is for OTP only like the old google authenticator
>
> I use AMFA from Azure which require no code to be typed at screen
>
> So this option is irrelevant to the problem
>
> The problem is that sssd skip t
Hi,
Never heard of PAM acting any how in the authentication mechanism with
using SSH key.
im using /usr/bin/sss_ssh_authorizedkeys to authenticate SSH key and so
this is a sssd module right ?
and this binary leads the auth mechanics to sssd using the configuration
in sssd.conf
Other thing
On Fri, May 10, 2019 at 08:46:00AM -0400, Nerigal wrote:
> Hi,
>
> Never heard of PAM acting any how in the authentication mechanism with
> using SSH key.
Yes, because they are completely unrelated.
>
> im using /usr/bin/sss_ssh_authorizedkeys to authenticate SSH key and so
> this is a sssd m
_Did you try this with_
_AuthenticationMethods publickey,keyboard-interactive_
_and_
_ChallengeResponseAuthentication yes_
_in sshd_config?_
Yes i did and it keep requesting the password in every cases i could try
Now if the keys are provided by the id_provider
This mean that in fact
