Install Login for Linux - Simple configuration

This topic describes how to to use the simple install of Login for Linux product on different versions of Linux.

Download and install

Login for Linux is shipped as a self-extracting installation package. The installation process will copy required files to the appropriate directories and create the database with the default configuration.

From the SecureAuth product downloads page, download the Login for Linux installer .run file.

Ensure that you can execute the .run file.

$ chmod +x SecureAuthLoginForLinux-23.09.01.run

Add the config.json file to the same folder to which you copied the installer.
Open a terminal window then change the directory to the path where you copied the installer and the config.json files.
Login as root then run the installer.
```
$ sudo ./SecureAuthLoginForLinux-23.09.01.run
```
The installer will automatically back up the following files:
- /etc/pam.d/sshd
- /etc/pam.d/su
- /etc/pam.d/sudo
- /etc/ssh/sshd_config
If you make your own backups, the preceding four files are the ones modified in the following configurations.
You can now configure your Linux operating system using either configuration method:
- Simple configurations in Linux
- Advanced configurations in Linux

Simple configurations in Linux

The simple configuration method will detect the Linux distribution family and automatically enable and configure the SecureAuth Pluggable Authentication Module (PAM).

In the terminal window, run the automatic configuration tool.
```
$ sudo /opt/com.secureauth.saap/sapamsetup
```
Result: The Login for Linux configuration tool page displays.
From the Main menu, to configure an authentication service, enter 3.
From the list, select the service you want to configure for authentication in Linux.
ssh connections
To integrate Login for Linux in SSH logins, enter 1.
Result: The tool enables and configures the SecureAuth PAM module for sshd service.
For SSH connections, enter the authentication method want to use.
For example, to configure your SSH connections to use Password + 2FA authentication, enter 1.
Result: The tool configures your SSH connections to use Password + 2FA authentication.
To apply the changes, restart the sshd service. Use the following command.
sudo systemctl restart sshd
Test your configuration by running an ssh connection to the server where you just set up Login for Linux.
A successful ssh configuration test should look like this example:
sudo authentication
To integrate Login for Linux for sudo authentication, enter 2.
Result: The tool enables and configures the SecureAuth PAM module for sudo authentication.
Test your configuration by running a sudo connection test to the server where you just set up Login for Linux.
A successful sudo configuration test should look like this example:
su authentication
To integrate Login for Linux for su authentication, enter 3.
Result: The tool enables and configures the SecureAuth PAM module for su authentication.
Test your configuration by running a su connection to the server where you just set up Login for Linux.
A successful su configuration test should look like this example:
Login authentication
To integrate Login for Linux for login authentication, enter 4.
Result: The tool enables and configures the SecureAuth PAM module for login authentication.
Test your configuration by logging in to the server where you just set up Login for Linux.
A successful login test should look like this example:
GDM authentication
To integrate Login for Linux for GNOME Display Manager (GDM) authentication, enter 5.
Result: The tool enables and configures the SecureAuth PAM module for GDM authentication.
To apply the changes, restart the GDM service. Use the following command.
sudo systemctl restart gdm
Test your configuration by logging in to the server where you just set up Login for Linux.
A successful login test should look like this example:
polkit authentication
To integrate Login for Linux for polkit authentication, enter 6.
Result: The tool enables and configures the SecureAuth PAM module for polkit authentication.
Test your configuration by running a privileged command on a unprivileged terminal. For example,
systemctl restart sshd
You have completed the Login for Linux integration on Linux. If you need to customize Login for Linux features - such as connection timeout and error messages - see Configure Identity Platform and Login for Endpoints.

Uninstalling Login for Linux

The following instructions explain how to uninstall Login for Linux. You must first revert the changes you made in the configuration files and then you can run the uninstall command.

Log files are not uninstalled; use them for troubleshooting any issues with the uninstallation. After you have worked through any issues, you can delete the log files.

Revert the changes by using the backups that were saved as part of install process.
If the uninstaller detects that the configuration files still reference the Login for Linux PAM module, the uninstall process fails.

Run the uninstaller using this command:

$ sudo ./SecureAuthLoginForLinux-23.09.01.run -- uninstall

In this section:

Install Login for Linux - Simple configuration

Download and install

Simple configurations in Linux

Uninstalling Login for Linux

Related topic

Search results