multiple authentication at the same time to log in PAM

Document ID : KB000074919
Last Modified Date : 28/03/2018
Show Technical Document Details
Question:
Is it possible to implement the multiple authentication for PAM login?  For example, it is ID/Password authentication and smart card. If both authentications combination are passed at the same time, the user can login to the PAM client. 
Environment:
CA Privileged Access Manager 3.1.1
Answer:
The DocOps explains about this topic in the below URL page.
 
Title:Authenticate Users Locally or Remotely
https://goo.gl/uxxs7x

The below can be realized the multiple authentication at the same time.
  • RADIUS and TACACS+– Authentication against a RADIUS or TACACS+ server.
  • LDAP+RSA–Sequential authentication from an LDAP directory and an RSA SecurID server.
  • SAML–SAML authentication using CA PAM server  as one or both of the following providers:
  Identity Provider
  Relying Party/Service Provider


The "LDAP+RADIUS in Combination" in the below URL page explains as follows.
https://goo.gl/bKcQp8
 
"User1 is authenticated against the LDAP server. If the first authentication is successful, user1 is authenticated against the RADIUS server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager."

The "RSA SecurID and LDAP+RSA" in the below URL page explains as follows.
https://goo.gl/43DV6n
 
"User1 is authenticated against the time-sensitive RSA server. If the first authentication is successful, user1 is authenticated against the LDAP server. If authentication is successful, user1 gets logged in to CA Privileged Access Manager.".