Acceptto™ two factor-authentication can be added to Unix and Linux logins through Acceptto Pluggable Authentication Module (PAM). Most Unix and Linux distros support PAM. It's easy to deploy, customizable, and secure.
Before starting the installation process please:
- Sign up for a new Acceptto account or Login to your Acceptto dashboard
- Navigate to Applications through the side menu
- Click on the New Application button to create a new application, and then
- Choose a Name for your application which you're going to enable the multi-factor authentication for
- Set the Redirect URL to https://acceptto.com
- Set the Color to whatever you like; this is the color band user sees next to your application name in Acceptto mobile app
- Find the new create application in the list and click on Details button
- Copy and keep the UID and Secret. You need them in the next steps
Note that this module won't work when the SSH key is enabled.
- Download or build the
sudo apt install libcurl4-openssl-dev
/lib64/securitydirectory depending on your OS architecture. If your OS is Ubuntu™ or Debian™ and supports Multiarch, move the module to
$ sudo mkdir -p /lib/security/ $ sudo mv pam_acceptto.so /lib/security/
- Set the
pam_acceptto.sopermission to 644 and make change the owner user to root
$ sudo chmod 644 pam_acceptto.so $ sudo chown root:root pam_acceptto.so
- To configure the module for a specific user, create a config file at it's home directory
/home/user_name/.acceptto/acceptto_pam.conf. To configure the module for all users create a config file at
/etc/acceptto/acceptto_pam.conf. Set email, uid and secret inside the config files like the following sample:
[acceptto] email = email@example.com uid = your-uid secret = your-secret
If both user and system-wide configuration files exist, the user configuration file has a higher priority.
/etc/pam.d/sshdand add the following command at the end of the file:
auth required pam_acceptto.so
ChallengeResponseAuthenticationto yes in
- Restart SSH service
sudo systemctl restart sshd
If SELinux is enabled, you need to apply the following command as well:
- Download the
sudo restorecon -v /lib64/security/pam_acceptto.so sudo semodule -i acceptto.pp
/lib/x86_64-linux-gnudepending on your distro architecture and configuration
If you require assistance, please email us at firstname.lastname@example.org
Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.
All product names, trademarks, and registered trademarks are the property of their respective owners.
All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.
Ubuntu is either registered trademarks or trademarks of Canonical Ltd. and/or one or more of its subsidiaries in the United States and/or other countries.
Debian is either registered trademarks or trademarks of Public Interest, Inc. and/or one or more of its subsidiaries in the United States and/or other countries.