Yubico Forum ...visit our web-store at 2015-02-17T08:32:31+01:00 https://forum.yubico.com/feed.php?f=3&t=1742 2015-02-17T08:32:31+01:00 2015-02-17T08:32:31+01:00 https://forum.yubico.com/viewtopic.php?t=1742&p=6868#p6868 <![CDATA[Re: pam_yubico stalls, no api response]]>
Quote:

debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 45 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 1 bytes. Length is 45, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: sdfölkjasdflökjasdflökjasdflökjasdfölkj ID: sdfölkjasdf
debug: pam_yubico.c:1012 (pam_sm_authenticate): Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK


And upon looking at the file pam_yubico.c [https://github.com/Yubico/yubico-pam-dpkg/blob/master/pam_yubico.c], the pam apparently stalls somewhere within these lines of code:
Code:
      retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
      free (onlypasswd);
      if (retval != PAM_SUCCESS)
   {
     DBG (("set_item returned error: %s", pam_strerror (pamh, retval)));
     goto done;
   }
    }
  else
    password = NULL;

  rc = ykclient_request (ykc, otp);


My suspicion is that it is the ykclient_request (ykc, otp) that won't work... But all libs are installed and linked into /usr/lib... Any ideas?

BR
//David

Statistics: Posted by davand01 — Tue Feb 17, 2015 8:32 am

]]> 2015-02-12T22:06:12+01:00 2015-02-12T22:06:12+01:00 https://forum.yubico.com/viewtopic.php?t=1742&p=6856#p6856 <![CDATA[pam_yubico stalls, no api response]]>
I'm trying to get Openvpn to work with pam on pfsense. So far, no luck. In order to debug it, i tried using in in the /etc/pam.d/su file, with the following result:

Code:
debug: pam_yubico.c:764 (parse_cfg): called.
debug: pam_yubico.c:765 (parse_cfg): flags 0 argc 3
debug: pam_yubico.c:767 (parse_cfg): argv[0]=id=16
debug: pam_yubico.c:767 (parse_cfg): argv[1]=authfile=/etc/yubikeyid
debug: pam_yubico.c:767 (parse_cfg): argv[2]=debug
debug: pam_yubico.c:768 (parse_cfg): id=16
debug: pam_yubico.c:769 (parse_cfg): key=(null)
debug: pam_yubico.c:770 (parse_cfg): debug=1
debug: pam_yubico.c:771 (parse_cfg): alwaysok=0
debug: pam_yubico.c:772 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:773 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:774 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:775 (parse_cfg): authfile=/etc/yubikeyid
debug: pam_yubico.c:776 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:777 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:778 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:779 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:780 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:781 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:782 (parse_cfg): url=(null)
debug: pam_yubico.c:783 (parse_cfg): urllist=(null)
debug: pam_yubico.c:784 (parse_cfg): capath=(null)
debug: pam_yubico.c:785 (parse_cfg): token_id_length=12
debug: pam_yubico.c:786 (parse_cfg): mode=client
debug: pam_yubico.c:787 (parse_cfg): chalresp_path=(null)
debug: pam_yubico.c:829 (pam_sm_authenticate): get user returned: XXXX
YubiKey for `davand01':
debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 44 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: XXXXXXXXXXX ID: XXXXXXXX


But after this point, nothing happens. I also tried using tcpdump -i host api.yubico.com, but that yields no result what so ever. What could be wrong? I used the pam_yubico that's available as a package for freebsd.

Any ideas?

Statistics: Posted by davand01 — Thu Feb 12, 2015 10:06 pm

]]>