Yubico Forum
https://forum.yubico.com/

[QUESTION] Internal printf format error
https://forum.yubico.com/viewtopic.php?f=23&t=1180
Page 1 of 1

Author:  tleif [ Fri Sep 27, 2013 9:42 pm ]
Post subject:  [QUESTION] Internal printf format error

I'm trying to get Yubi key to work in conjunction with Krb5 auth on our servers. Currently I'm getting the following error when I enter a Yubikey token at the prompt:

Quote:
[pam_yubico.c:pam_sm_authenticate(797)] get user returned: xxxxxxx
[pam_yubico.c:pam_sm_authenticate(904)] conv returned 44 bytes
[pam_yubico.c:pam_sm_authenticate(922)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(929)] OTP: xxxxxxxx ID: xxxxxxxx
[pam_yubico.c:pam_sm_authenticate(960)] ykclient return value (102): Internal printf format error
[pam_yubico.c:pam_sm_authenticate(1000)] done. [Authentication service cannot retrieve authentication info]

Anyone have any ideas?

Author:  Tom [ Mon Sep 30, 2013 9:06 am ]
Post subject:  Re: [QUESTION] Internal printf format error

Hello,

Could you provide use more information:

- System
- Version of pam_yubico
- Configuration files

Author:  tleif [ Mon Sep 30, 2013 4:37 pm ]
Post subject:  Re: [QUESTION] Internal printf format error

I'm running an Ubuntu 12.04 install using libpam-yubico 2.13-1~ppa1~precise1.

My pam-config for yubikey looks like:

Code:
Name: Yubico authentication with YubiKey
Default: no
Priority: 704
Auth-Type: Primary
Auth:
        required        pam_yubico.so   id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug
Auth-Initial:
        required        pam_yubico.so   id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug


and pam common-auth looks like:

Code:
# here are the per-package modules (the "Primary" block)
auth    required        pam_yubico.so id=100 key=xxxxxx url=http://<server>/wsapi/2.0/verify? authfile=/etc/yubikey_mappings debug
auth    [success=2 default=ignore]      pam_krb5.so minimum_uid=1000 try_first_pass
auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_cap.so

Author:  Tom [ Tue Oct 01, 2013 7:54 am ]
Post subject:  Re: [QUESTION] Internal printf format error

Change the url format in:

http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s

Please read the README from the pam module on http://opensource.yubico.com/yubico-pam/

Author:  tleif [ Tue Oct 01, 2013 5:09 pm ]
Post subject:  Re: [QUESTION] Internal printf format error

Tom,

Thanks, that took care of the printf error and I'm actually hitting the validation server with requests, but now I've run into another error.

Code:
[pam_yubico.c:parse_cfg(736)] called.
[pam_yubico.c:parse_cfg(737)] flags 1 argc 5
[pam_yubico.c:parse_cfg(739)] argv[0]=id=100
[pam_yubico.c:parse_cfg(739)] argv[1]=key=xxxxxx
[pam_yubico.c:parse_cfg(739)] argv[2]=url=http://<server>/wsapi/2.0/verify?id=%d&otp=%s
[pam_yubico.c:parse_cfg(739)] argv[3]=authfile=/etc/yubikey_mappings
[pam_yubico.c:parse_cfg(739)] argv[4]=debug
[pam_yubico.c:parse_cfg(740)] id=100
[pam_yubico.c:parse_cfg(741)] key=xxxxxx
[pam_yubico.c:parse_cfg(742)] debug=1
[pam_yubico.c:parse_cfg(743)] alwaysok=0
[pam_yubico.c:parse_cfg(744)] verbose_otp=0
[pam_yubico.c:parse_cfg(745)] try_first_pass=0
[pam_yubico.c:parse_cfg(746)] use_first_pass=0
[pam_yubico.c:parse_cfg(747)] authfile=/etc/yubikey_mappings
[pam_yubico.c:parse_cfg(748)] ldapserver=(null)
[pam_yubico.c:parse_cfg(749)] ldap_uri=(null)
[pam_yubico.c:parse_cfg(750)] ldapdn=(null)
[pam_yubico.c:parse_cfg(751)] user_attr=(null)
[pam_yubico.c:parse_cfg(752)] yubi_attr=(null)
[pam_yubico.c:parse_cfg(753)] yubi_attr_prefix=(null)
[pam_yubico.c:parse_cfg(754)] url=http://<server>/wsapi/2.0/verify?id=%d&otp=%s
[pam_yubico.c:parse_cfg(755)] capath=(null)
[pam_yubico.c:parse_cfg(756)] token_id_length=12
[pam_yubico.c:parse_cfg(757)] mode=client
[pam_yubico.c:parse_cfg(758)] chalresp_path=(null)
[pam_yubico.c:pam_sm_authenticate(797)] get user returned: xxxxxx
[pam_yubico.c:pam_sm_authenticate(904)] conv returned 44 bytes
[pam_yubico.c:pam_sm_authenticate(922)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(929)] OTP: xxxxxx ID: xxxxxx
[pam_yubico.c:pam_sm_authenticate(960)] ykclient return value (107): Server response signature was invalid (BAD_SERVER_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(1000)] done. [Authentication service cannot retrieve authentication info]


Searching through the forums, the only related posts seem to have to do with ARM implementations and PHP char escaping. One mention not having the same API key on the server as on the client, but I've changed the API key twice and made sure they are the same on both with no change in error.

Author:  habanero [ Mon Dec 16, 2013 11:18 am ]
Post subject:  Re: [QUESTION] Internal printf format error

Did you have any luck with getting this working?

We have the same problem - we are trying to use a local yubi server so that we have offline access but we get the same errors:

[pam_yubico.c:pam_sm_authenticate(969)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
[pam_yubico.c:pam_sm_authenticate(985)] ykclient return value (107): Server response signature was invalid (BAD_SERVER_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(1038)] done. [Authentication service cannot retrieve authentication info]

Thanks!

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/