For user case where you want to skip MultiFactorAuthentication / PAM module like google authentication validation code for specific users and keep it enabled for the rest, below solution can be used-
1) Create a user group on the Linux instance. We are going to disable MFA/PAM for users present in this new group-
sudo groupadd <groupname>
2) Create User or add existing user to newly created group-
sudo useradd <username> sudo usermod -a -G <groupname> <username>
3) Edit /etc/pam.d/sshd file and add the below statement to skip PAM module for the newly created group-
auth [success=done default=ignore] pam_succeed_if.so user ingroup <groupname>
Optional-
If full access is required for this new group then add below line to visudo file-
%<groupname>ALL=(ALL) NOPASSWD: ALL
When a user will be created and added to the new group, on first login MFA will be created but will not be enforced on further logins.
Thanks for checking out !
Latest posts by Abhimanyu (see all)
- Monitor Kubernetes Control Plane Services Availability with Heartbeat [ELK] - December 14, 2020
- Setup and operate ELK Stack on Kubernetes cluster using Argo CD - October 26, 2020
- Auto clear notification using Watcher - June 10, 2020