Fixed configuration for pam module to allow login of non existing user accounts, i.e. VPN only users.

2016-02-06 21:20:34 +01:00 · 2016-02-06 21:20:34 +01:00 · 5ca92a2c5e
commit 5ca92a2c5e
parent dd719c1f11
1 changed files with 3 additions and 1 deletions
--- a/otp/openvpn
+++ b/otp/openvpn
@ -1,2 +1,4 @@
 # Uses google authenticator library as PAM module using a single folder for all users tokens
-auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator
+# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
+# See https://github.com/google/google-authenticator/tree/master/libpam#secretpathtosecretfile--usersome-user
+auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root