Multiple authentication at the same time to log in to PAM


Article ID: 74919


Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction



Is it possible to implement multiple authentication for PAM login? For example, ID/password authentication combined with a smart card: if both authentications are passed at the same time, the user can log in to the PAM client.

Environment

CA Privileged Access Manager 3.1.1

Resolution

The DocOps documentation covers this topic on the page below.
 
Title: Authenticate Users Locally or Remotely
https://goo.gl/uxxs7x

The following methods can be used to realize multiple authentication at the same time.
  • RADIUS and TACACS+ – Authentication against a RADIUS or TACACS+ server.
  • LDAP+RSA – Sequential authentication from an LDAP directory and an RSA SecurID server.
  • SAML – SAML authentication using the CA PAM server as one or both of the following providers:
      • Identity Provider
      • Relying Party/Service Provider


The "LDAP+RADIUS in Combination" section on the page below explains this as follows.
https://goo.gl/bKcQp8
 
"User1 is authenticated against the LDAP server. If the first authentication is successful, user1 is authenticated against the RADIUS server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager."

The "RSA SecurID and LDAP+RSA" section on the page below explains this as follows.
https://goo.gl/43DV6n
 
"User1 is authenticated against the time-sensitive RSA server. If the first authentication is successful, user1 is authenticated against the LDAP server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager."