Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:25 am

View unanswered posts | View active topics


Board index » Yubico Software » Computer Logon - Windows | Linux | MacOS | freeBSD

All times are UTC + 1 hour




Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
luclu
PostPosted: Tue Nov 01, 2016 6:48 pm 
Offline

Joined: Tue Nov 01, 2016 6:33 pm
Posts: 1
Hello,

After upgrading to macOS 10.12 Sierra I wanted to enable the challenge-response method again.
As I noticed the availability of PIV, I gave it a try only to discover that it is not enforcable as login requirement, so I setup the PAM method.

Unfortunately enabling both methods created an incompatiblity.
I'm unable to use the HMAC-SHA1 Challenge-Response functionality as inserting the stick will switch to the PIN entry input field. Specifying the PIN won't help much as the PAM method was added to /etc/pam.d/authorization as requirered.

Of course I created a Time-Machine backup before following the procedure, however the backup seems to be corrupt as I can't successfully mount the backup even on a vanilla Sierra installation. (I'm currently in contact with Apple's support)

I hope there is some way to resolve this without losing all data. If not, please add some word of warning to the guides.

Best, Luca

ps. I will try to deconfigure one of my keys PIV - if possible - and see if this helps.
Top
 Profile  
Reply with quote  

Share On:
Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

Maliced
PostPosted: Thu Dec 22, 2016 1:33 am 
Offline

Joined: Thu Dec 22, 2016 1:18 am
Posts: 1
Hey luclu,

I have found a way to reconfigure the /etc/pam.d/* files in the Single User mode. You have to enable root mode in order to make edits to the files in Single User mode. I have pasted the instructions below.

____________________________________________________________________________________________________

Boot into S.U. Mode by holding Cmd+S while booting.
Once the terminal prompt opens, type the following:

mount -uw / ("mount"+space+"-uw"+space+slash)

launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

passwd root

(after you press enter it will ask the password for the root user. Type it, even if it won't show any character. Then type again to confirm. Once you had finished type: exit).
____________________________________________________________________________________________________

Once you've enabled root, you should be able to "sudo vi /etc/pam.d/*" for the screensaver/authorization and delete the "/usr/local/lib/security/pam_yubico.so mode=challenge-response" line the file.

I am probably too late. But, if I am not I hope this helps!
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 

Board index » Yubico Software » Computer Logon - Windows | Linux | MacOS | freeBSD

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group