I configured slot 2 of my YubiKey NEO in OATH-HOTP mode in order to use it for a two-factor authentication. It works fine with SSH login, but with OpenVPN it fails with the following message:
Code:
openvpn[15059]: AUTH-PAM: BACKGROUND: USER: keiki
openvpn[15059]: AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
openvpn[15059]: AUTH-PAM: BACKGROUND: my_conv[0] query='One-time password (OATH) for `keiki': ' style=1
openvpn[15059]: AUTH-PAM: BACKGROUND: user 'keiki' failed to authenticate: Authentication failure
When I connect to my OpenVPN server, the server only asks for the "Auth Username", the "Auth Password" and the "Private Key Password". There comes no message asking me for a one-time password (OATH).
Maybe you can help me to find out, what is wrong in my PAM configuration /etc/pam.d/openvpn:
Code:
auth required pam_unix.so shadow nodelay
account required pam_unix.so
auth required pam_oath.so usersfile=/etc/users.oath window=10 digits=8
Kind regards,
keikiStatistics: Posted by keiki — Tue May 26, 2015 4:45 pm
]]>