Disable Linux PAM module for specific users !
For user case where you want to skip MultiFactorAuthentication / PAM module like google authentication validation code for specific users and keep it enabled for the rest, below solution can be used-
1) Create a user group on the Linux instance. We are going to disable MFA/PAM for users present in this new group-
sudo groupadd <groupname>
2) Create User or add existing user to newly created group-
sudo useradd <username> sudo usermod -a -G <groupname> <username>
3) Edit /etc/pam.d/sshd file and add the below statement to skip PAM module for the newly created group-
auth [success=done default=ignore] pam_succeed_if.so user ingroup <groupname>
Optional-
If full access is required for this new group then add below line to visudo file-
%<groupname>ALL=(ALL) NOPASSWD: ALL
When a user will be created and added to the new group, on first login MFA will be created but will not be enforced on further logins.
Thanks for checking out !
![Setting width of MVC HTML helper DropDownList ! [@HTML.DropDownList]](https://www.techmanyu.com/wp-content/themes/hueman/assets/front/img/thumb-small-empty.png)
