Yubico Forum

Re: PAM error

2010-01-14T16:59:46+01:00

That worked =D

I also had to

chmod g+rw /etc/yubikey

chmod g+s /sbin/yk_chkpwd

Thanks,
Koneko

Statistics: Posted by Koneko — Thu Jan 14, 2010 4:59 pm

Re: PAM error

2010-01-14T09:59:58+01:00

From the error message, it seems that the user name and YubiKey ID mapping is wrong in the mapping file.

We would appreciate if you can make a correct user name and YubiKey ID mapping in the mapping file as follows and try again:

:

We hope this helps!

Statistics: Posted by network-marvels — Thu Jan 14, 2010 9:59 am

Re: PAM error

2010-01-13T16:18:50+01:00

Great, that took care of the bad signature problem. Now I am reciving this message:

[pam_yubico.c:pam_sm_authenticate(537)] ykclient return value (0): Success
[pam_yubico.c:check_user_token(117)] Authorization line: YKDB
[pam_yubico.c:pam_sm_authenticate(564)] Yubikey not authorized to login as user
[pam_yubico.c:pam_sm_authenticate(579)] done. [Authentication service cannot retrieve authentication info]

Statistics: Posted by Koneko — Wed Jan 13, 2010 4:18 pm

Re: PAM error

2010-01-13T11:33:59+01:00

The latest Yubico PAM module has made the use of the API Key mandatory. For more information about the API Key, please visit the following link:

http://www.yubico.com/developers/api/

As you did not mention the API Key parameter with the Yubico PAM module in the PAM configuration file, you were receiving the BAD_SIGNATURE error.

We would appreciate if you can follow the steps listed below and try again:

https://api.yubico.com/get-api-key/

key= authfile=/etc/yubikey debug

For example:

auth sufficient pam_yubico.so id=3476 key=WHvkp47s6INISPMIIzKNkYDip39I= authfile=/etc/yubikey debug

We hope this helps!

Feel free to write back in case you face any problems or have further queries.

Statistics: Posted by network-marvels — Wed Jan 13, 2010 11:33 am

Re: PAM error

2010-01-12T15:20:15+01:00

Thank you for providing the valuable information!

We are looking into this and we will update you soon.

Statistics: Posted by network-marvels — Tue Jan 12, 2010 3:20 pm

Re: PAM error

2010-01-11T17:38:23+01:00

1. Centos / 2.6.18-164.10.1.el5.centos.plus
2. PAM version 2.2
3. Sudo version 1.6.9p17
4.

#%PAM-1.0
auth sufficient /lib/security/pam_yubico.so id=(my id) authfile=/etc/yubikey debug
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so

5. I did not install a validation server.

Thanks =)

Statistics: Posted by Koneko — Mon Jan 11, 2010 5:38 pm

Re: PAM error

2010-01-11T14:19:15+01:00

We would appreciate if you can provide us the following information:

This information will help us debugging the issue you are facing.

Statistics: Posted by network-marvels — Mon Jan 11, 2010 2:19 pm

PAM error

2010-01-08T18:22:51+01:00

I have configured the PAM module via this guide:

viewtopic.php?f=5&t=174

and I am receiving the following error in the debug output:

pam_yubico.c:pam_sm_authenticate(537)] ykclient return value (3): Request signature was invalid (BAD_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(579)] done. [Authentication service cannot retrieve authentication info]

Does anyone know a fix for this?

Thanks,
Koneko

Statistics: Posted by Koneko — Fri Jan 08, 2010 6:22 pm