Google Two-Factor - Authentication Apply Problem
Posted: Sat Jan 29, 2022 10:42 am
Hello Recently I am struggling with openvpn multi-factor authentication issue.
This problem has been confirmed as a problem that occurs in the CentOS6 .10 version, and this problem does not occur in the CentOS5 and 7 versions.
For more details, it is an error that authentication does not succeed if the client user uses the user PW and google verify-code together when logging in. The problem I checked was that the forward_pass option was not applied in the pam module.
As a result of my testing, when I log in with only user information or apply separately with Google OTP 6 digits, login works well.
I want to solve this problem and I would like some help. Below are my openvpn configuration files, pam module configuration files, and the error log I checked.
/etc/openvpn/openvpn.conf
-> plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
/etc/pam.d/openvpn
-> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth required /lib64/security/pam_google_authenticator.so forward_pass
auth include system-auth
account include system-auth
password include system-auth
(/lib64/security/pam_google_authenticator.so The file exists in this path.)
tail -f /var/log/secure
-> openvpn(pam_google_authenticator)[6128]: Unrecognized option "forward_pass"
(I want to apply the forward pass option.)
This problem has been confirmed as a problem that occurs in the CentOS6 .10 version, and this problem does not occur in the CentOS5 and 7 versions.
For more details, it is an error that authentication does not succeed if the client user uses the user PW and google verify-code together when logging in. The problem I checked was that the forward_pass option was not applied in the pam module.
As a result of my testing, when I log in with only user information or apply separately with Google OTP 6 digits, login works well.
I want to solve this problem and I would like some help. Below are my openvpn configuration files, pam module configuration files, and the error log I checked.
/etc/openvpn/openvpn.conf
-> plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
/etc/pam.d/openvpn
-> auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth required /lib64/security/pam_google_authenticator.so forward_pass
auth include system-auth
account include system-auth
password include system-auth
(/lib64/security/pam_google_authenticator.so The file exists in this path.)
tail -f /var/log/secure
-> openvpn(pam_google_authenticator)[6128]: Unrecognized option "forward_pass"
(I want to apply the forward pass option.)