Re: can't get pam_yubico to work for me (local auth server)

2013-08-19T09:18:30+01:00

Hello,

There are numerous threads about PAM in the forum.

Please read this full thread and check if the guide posted at the bottom is of any help for you.

viewtopic.php?f=23&t=822&start=10

Statistics: Posted by Tom — Mon Aug 19, 2013 9:18 am

can't get pam_yubico to work for me (local auth server)

2013-08-18T03:08:44+01:00

Hi,

I have set up a test rig of a Debian 7 hyper-v machine and have set up an auth server on localhost

Judging by

wget -q -O - http://localhost:8000/wsapi/2.0/verify?otp=
h=
t=2013-08-18T03:43:11.248Z
otp=
nonce=
sl=100
status=OK

the auth server is alive and kicking.

(configured with my own values for OTP, disconnected from yubico itself)

As the machine is a Hyperv-guest (so, no support for 'transplugging' the yubikey connected to host to guest system)
I wonder how would I proceed with PAM auth for SSH (for the start, I'm going to use yubikeys also to login to this particular machine)
Traditional way (challenge-response) requires plugging the yubikey in the machine for config (ykpersonalize, ykpamcfg).

Hence I try to config PAM for pam_yubico.so
putting:
auth required pam_yubico.so debug authfile=/etc/yubiauth url:http://localhost:8000/wsapi/2.0/verify?otp=%s

yubiauth file contains:
tester:<12firstmodhexcharsofotp>

unfortunately, when trying ssh for user tester I get Permission denied message,
no matter if I put the password of the user or the OTP.

Could you point me if that's a problem of the auth server config or pam config?

Thanks

Statistics: Posted by mdwuznik — Sun Aug 18, 2013 3:08 am

Yubico Forum

Re: can't get pam_yubico to work for me (local auth server)

can't get pam_yubico to work for me (local auth server)