Yubico Forum ...visit our web-store at 2012-10-14T15:51:06+01:00 https://forum.yubico.com/feed.php?f=5&t=870 2012-10-14T15:51:06+01:00 2012-10-14T15:51:06+01:00 https://forum.yubico.com/viewtopic.php?t=870&p=3319#p3319 <![CDATA[Re: PAM Authentication Error]]>

Thanks anyways!

Statistics: Posted by JulianLG — Sun Oct 14, 2012 3:51 pm

]]> 2012-10-13T19:12:09+01:00 2012-10-13T19:12:09+01:00 https://forum.yubico.com/viewtopic.php?t=870&p=3318#p3318 <![CDATA[PAM Authentication Error]]>
i set up PAM authentication with yubikey following this guide: http://code.google.com/p/yubico-pam/wik ... dSSHViaPAM
It worked first, without setting a password for the specified client-ID (I think the guide is outdated in that point) but stopped working right now.

In the debug Output I see the following error:
Quote:

[pam_yubico.c:parse_cfg(437)] called.
[pam_yubico.c:parse_cfg(438)] flags 1 argc 4
[pam_yubico.c:parse_cfg(440)] argv[0]=id=MYID
[pam_yubico.c:parse_cfg(440)] argv[1]=key=MYKEY
[pam_yubico.c:parse_cfg(440)] argv[2]=authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(440)] argv[3]=debug
[pam_yubico.c:parse_cfg(441)] id=MYID
[pam_yubico.c:parse_cfg(442)] key=MYKEY
[pam_yubico.c:parse_cfg(443)] debug=1
[pam_yubico.c:parse_cfg(444)] alwaysok=0
[pam_yubico.c:parse_cfg(445)] verbose_otp=0
[pam_yubico.c:parse_cfg(446)] try_first_pass=0
[pam_yubico.c:parse_cfg(447)] use_first_pass=0
[pam_yubico.c:parse_cfg(448)] authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(449)] ldapserver=(null)
[pam_yubico.c:parse_cfg(450)] ldap_uri=(null)
[pam_yubico.c:parse_cfg(451)] ldapdn=(null)
[pam_yubico.c:parse_cfg(452)] user_attr=(null)
[pam_yubico.c:parse_cfg(453)] yubi_attr=(null)
[pam_yubico.c:parse_cfg(454)] url=(null)
[pam_yubico.c:parse_cfg(455)] capath=(null)
[pam_yubico.c:parse_cfg(456)] token_id_length=12
[pam_yubico.c:pam_sm_authenticate(489)] get user returned: root
[pam_yubico.c:pam_sm_authenticate(582)] conv returned 53 bytes
[pam_yubico.c:pam_sm_authenticate(600)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(607)] OTP: vvukhfbhndnctgbvjvgnliuviejujjkbfjklnucjbulg ID: vvukhfbhndnc
[pam_yubico.c:pam_sm_authenticate(617)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
[pam_yubico.c:pam_sm_authenticate(633)] ykclient return value (3): Request signature was invalid (BAD_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(675)] done. [Authentication service cannot retrieve authentication info]


Anyway, I correctly set up the pam config with a generated api id and key.

Can't get it to work any more :(

Here are some infos:

OS: OpenSUSE 11.4 (uname output: Linux 85-31-187-128 2.6.37.6-0.9-default #1 SMP 2011-10-19 22:33:27 +0200 x86_64 x86_64 x86_64 GNU/Linux)
Installed PAM module Version: 2.5.99_git201103140807

pam config:
Quote:

auth required pam_yubico.so id=<MYID> key=<MYKEY> authfile=/etc/yk_mapping debug
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account requisite pam_nologin.so
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_lastlog.so silent noupdate showfailed


I'm using the online yubico validation service.

Hope you can help me!
Thanks in advance!

All the best,
Julian

Statistics: Posted by JulianLG — Sat Oct 13, 2012 7:12 pm

]]>