Yubico Forum...visit our web-store at2011-02-24T15:20:36+01:00https://forum.yubico.com/feed.php?f=8&t=6392011-02-24T15:20:36+01:002011-02-24T15:20:36+01:00https://forum.yubico.com/viewtopic.php?t=639&p=2586#p2586<![CDATA[Re: yubico-pam and response verification]]> Anyways, I've been working on (and testing) the 2.0-branch today, and it seems to work now (HMAC signing was broken this morning).
Statistics: Posted by Guest — Thu Feb 24, 2011 3:20 pm
]]>2011-02-24T09:32:06+01:002011-02-24T09:32:06+01:00https://forum.yubico.com/viewtopic.php?t=639&p=2585#p2585<![CDATA[Re: yubico-pam and response verification]]>Fredrik-at-Yubico wrote:
The solution is to use a Validation protocol version 2.0 client.
Ok, I understand now. I'll give it a go. Bit of a huge gaping hole though!
Statistics: Posted by yaramo — Thu Feb 24, 2011 9:32 am
]]>2011-02-24T08:09:51+01:002011-02-24T08:09:51+01:00https://forum.yubico.com/viewtopic.php?t=639&p=2584#p2584<![CDATA[Re: yubico-pam and response verification]]> Version 2.0 uses either either a shared key (HMAC checksums), SSL or both to provide integrity in the requests/responses to the validation servers.
I've integrated various patches from contributors updating the yubico-c-client to the v2.0 specification. This is now ready for testing, which I haven't gotten around to yet. The plan is to release yubico-c-client v2.4 (last release was 2.3) _without_ these patches (as a more stable release), and then aim to release 2.5 _with_ these patches fairly quickly.
It looks like you've compiled yubico-c-client from source? You are most welcome to help testing this new branch :