| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] Internal printf format error https://forum.yubico.com/viewtopic.php?f=23&t=1180 |
Page 1 of 1 |
| Author: | tleif [ Fri Sep 27, 2013 9:42 pm ] |
| Post subject: | [QUESTION] Internal printf format error |
I'm trying to get Yubi key to work in conjunction with Krb5 auth on our servers. Currently I'm getting the following error when I enter a Yubikey token at the prompt: Quote: [pam_yubico.c:pam_sm_authenticate(797)] get user returned: xxxxxxx [pam_yubico.c:pam_sm_authenticate(904)] conv returned 44 bytes [pam_yubico.c:pam_sm_authenticate(922)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32. [pam_yubico.c:pam_sm_authenticate(929)] OTP: xxxxxxxx ID: xxxxxxxx [pam_yubico.c:pam_sm_authenticate(960)] ykclient return value (102): Internal printf format error [pam_yubico.c:pam_sm_authenticate(1000)] done. [Authentication service cannot retrieve authentication info] Anyone have any ideas? |
|
| Author: | Tom [ Mon Sep 30, 2013 9:06 am ] |
| Post subject: | Re: [QUESTION] Internal printf format error |
Hello, Could you provide use more information: - System - Version of pam_yubico - Configuration files |
|
| Author: | tleif [ Mon Sep 30, 2013 4:37 pm ] |
| Post subject: | Re: [QUESTION] Internal printf format error |
I'm running an Ubuntu 12.04 install using libpam-yubico 2.13-1~ppa1~precise1. My pam-config for yubikey looks like: Code: Name: Yubico authentication with YubiKey Default: no Priority: 704 Auth-Type: Primary Auth: required pam_yubico.so id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug Auth-Initial: required pam_yubico.so id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug and pam common-auth looks like: Code: # here are the per-package modules (the "Primary" block)
auth required pam_yubico.so id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) auth optional pam_cap.so |
|
| Author: | Tom [ Tue Oct 01, 2013 7:54 am ] |
| Post subject: | Re: [QUESTION] Internal printf format error |
Change the url format in: http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s Please read the README from the pam module on http://opensource.yubico.com/yubico-pam/ |
|
| Author: | tleif [ Tue Oct 01, 2013 5:09 pm ] |
| Post subject: | Re: [QUESTION] Internal printf format error |
Tom, Thanks, that took care of the printf error and I'm actually hitting the validation server with requests, but now I've run into another error. Code: [pam_yubico.c:parse_cfg(736)] called. [pam_yubico.c:parse_cfg(737)] flags 1 argc 5 [pam_yubico.c:parse_cfg(739)] argv[0]=id=100 [pam_yubico.c:parse_cfg(739)] argv[1]=key=xxxxxx [pam_yubico.c:parse_cfg(739)] argv[2]=url=http://<server>/wsapi/2.0/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(739)] argv[3]=authfile=/etc/yubikey_mappings [pam_yubico.c:parse_cfg(739)] argv[4]=debug [pam_yubico.c:parse_cfg(740)] id=100 [pam_yubico.c:parse_cfg(741)] key=xxxxxx [pam_yubico.c:parse_cfg(742)] debug=1 [pam_yubico.c:parse_cfg(743)] alwaysok=0 [pam_yubico.c:parse_cfg(744)] verbose_otp=0 [pam_yubico.c:parse_cfg(745)] try_first_pass=0 [pam_yubico.c:parse_cfg(746)] use_first_pass=0 [pam_yubico.c:parse_cfg(747)] authfile=/etc/yubikey_mappings [pam_yubico.c:parse_cfg(748)] ldapserver=(null) [pam_yubico.c:parse_cfg(749)] ldap_uri=(null) [pam_yubico.c:parse_cfg(750)] ldapdn=(null) [pam_yubico.c:parse_cfg(751)] user_attr=(null) [pam_yubico.c:parse_cfg(752)] yubi_attr=(null) [pam_yubico.c:parse_cfg(753)] yubi_attr_prefix=(null) [pam_yubico.c:parse_cfg(754)] url=http://<server>/wsapi/2.0/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(755)] capath=(null) [pam_yubico.c:parse_cfg(756)] token_id_length=12 [pam_yubico.c:parse_cfg(757)] mode=client [pam_yubico.c:parse_cfg(758)] chalresp_path=(null) [pam_yubico.c:pam_sm_authenticate(797)] get user returned: xxxxxx [pam_yubico.c:pam_sm_authenticate(904)] conv returned 44 bytes [pam_yubico.c:pam_sm_authenticate(922)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32. [pam_yubico.c:pam_sm_authenticate(929)] OTP: xxxxxx ID: xxxxxx [pam_yubico.c:pam_sm_authenticate(960)] ykclient return value (107): Server response signature was invalid (BAD_SERVER_SIGNATURE) [pam_yubico.c:pam_sm_authenticate(1000)] done. [Authentication service cannot retrieve authentication info] Searching through the forums, the only related posts seem to have to do with ARM implementations and PHP char escaping. One mention not having the same API key on the server as on the client, but I've changed the API key twice and made sure they are the same on both with no change in error. |
|
| Author: | habanero [ Mon Dec 16, 2013 11:18 am ] |
| Post subject: | Re: [QUESTION] Internal printf format error |
Did you have any luck with getting this working? We have the same problem - we are trying to use a local yubi server so that we have offline access but we get the same errors: [pam_yubico.c:pam_sm_authenticate(969)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK [pam_yubico.c:pam_sm_authenticate(985)] ykclient return value (107): Server response signature was invalid (BAD_SERVER_SIGNATURE) [pam_yubico.c:pam_sm_authenticate(1038)] done. [Authentication service cannot retrieve authentication info] Thanks! |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|