Issue/Introduction:
Is it possible to implement the multiple authentication for PAM login? For example, it is ID/Password authentication and smart card. If both authentications combination are passed at the same time, the user can login to the PAM client.
Environment:
CA Privileged Access Manager 3.1.1
Resolution:
The DocOps explains about this topic in the below URL page.
Title:Authenticate Users Locally or Remotely
https://goo.gl/uxxs7x
The below can be realized the multiple authentication at the same time.
- RADIUS and TACACS+– Authentication against a RADIUS or TACACS+ server.
- LDAP+RSA–Sequential authentication from an LDAP directory and an RSA SecurID server.
- SAML–SAML authentication using CA PAM server as one or both of the following providers:
Identity Provider
Relying Party/Service Provider
The "LDAP+RADIUS in Combination" in the below URL page explains as follows.
https://goo.gl/bKcQp8
"User1 is authenticated against the LDAP server. If the first authentication is successful, user1 is authenticated against the RADIUS server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager."
The "RSA SecurID and LDAP+RSA" in the below URL page explains as follows.
https://goo.gl/43DV6n
"User1 is authenticated against the time-sensitive RSA server. If the first authentication is successful, user1 is authenticated against the LDAP server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager.".