I've successfully deployed YubiKey authentication for SSH (and sudo, tested so far) on Debian jessie. The PAM config line is as follows:
Code:
auth required pam_yubico.so mode=client try_first_pass id=REDACTED debug debug_file=/var/log/yk.log key=REDACTED
I tried to log in to IMAP the same way as to SSH (password + YubiKey OTP), as it uses the same auth config, but it fails:
Code:
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(830)] get user returned: REDACTED
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(851)] get password returned: (null)
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(972)] conv returned 53 bytes
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(990)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(997)] OTP: REDACTED ID: REDACTED
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1012)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (109): Error performing curl
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1091)] done. [Authentication service cannot retrieve authentication info]
I can't see why the same PAM sometimes works (SSH, sudo) and sometimes fails with a curl error. Any ideas?