IBM Security Verify

Shape the future of IBM Security Verify

We invite you to shape the future of IBM, including the product roadmap, by submitting ideas that matter to you the most.

Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Submit a private idea

If you have confidential information or customer data to share with your idea, then - DO NOT submit using the link below, instead - please open a private feature request.

And finally - if its an issue with expected behaviour, a product defect or a support need, open a Support Case

Support for PAM on Latest releases of Redhat OS (RHEL 8.1 and RHEL 8.2)

IBM Security Verify Gateway for PAM on Linux supports Multi factor Authentication on Linux and documentgs support Red Hat Enterprise Linux (RHEL) 7.6 x86-64. But RHEL 7.6 is out of support and latest supported release are Red Hat Enterprise Linux (RHEL) 8.1 and 8.2 on x86-64. Need the PAM support for RHEL 8.1 and RHEL 8.2 for multi factor authentication for SSH via PAM.

Supported list of OS: https://www.ibm.com/support/knowledgecenter/SSCT62/com.ibm.iamservice.doc/concepts/c_verify_pam_overview.html

When we tried to run it on Red Hat Enterprise Linux (RHEL) 8.1 , it is almost working (looking at CIV logs) except for the SSH prompt being able to prompt for the 2nd factor. Seems like a low hanging fix

Here is the log file

IA: 0x5f0859c1: 0x7f2e05495e00: ibm_auth_enrollments_get_all(): Enter
IA: 0x5f0859c1: 0x7f2e05495e00: clean_result(): Enter
IA: 0x5f0859c1: 0x7f2e05495e00: clean_result(): Exit
IA: 0x5f0859c1: 0x7f2e05495e00: ibm_auth_enrollments_get_all(): Exit 0
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: am_choice_then_otp(): num entrolled 1
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: am_choice_then_otp(): Multiple choices
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: am_choice_then_otp(): Prompt for choice
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: prompt_for_input(1) vrushalch@gmail.com
2) +919730868072
3) vrushalc7@gmail.com
? ) ENTER
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: prompt_for_input() fail, pam_conv->conv() failed
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: prompt_for_input() EXIT 19
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: am_choice_then_otp() EXIT 19
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: set_err_msg(Conversation error)
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: output_message(Conversation error) ENTER
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: output_message() EXIT 0
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: pam_sm_authenticate(): 19 DONE
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: pam_ibm_auth_cleanup(): ENTER
PA: 0x5f0859c1: 0x7f2e05495e00: 02292: pam_ibm_auth_shutdown(): ENTER
IA: 0x5f0859c1: 0x7f2e05495e00: ibm_auth_hdl_release(): Enter

  • Guest
  • Jul 10 2020
  • Delivered
  • Guest commented
    15 Jul, 2020 02:39am

    Thank you for your idea, we have accepted this enhancement request and will take this under consideration for development later this year. This is not a statement of commitment. Thanks again for your suggestion!

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.