Hello, just wanted to test drive pam_yubico for PAM session authentication but it seems to be failing.
and added the following to my /etc/pam.d/login:
Code:
auth sufficient pam_yubico.so id=[redacted] authfile=/etc/yubikey_mappings debug
and configured the yubi ID in the authfile as defined above (username:yubi ID)
When I try to log in, the above entry works, ensuring a prompt for Yubikey. Then it fails, regardless of the try_first_pass entry added to the unix pam module (found in the file common-auth-pc).
Code:
[pam_yubico.c:parse_cfg(764)] called.
[pam_yubico.c:parse_cfg(765)] flags 0 argc 3
[pam_yubico.c:parse_cfg(767)] argv[0]=id=[redacted]
[pam_yubico.c:parse_cfg(767)] argv[1]=authfile=/etc/yubikey_mappings
[pam_yubico.c:parse_cfg(767)] argv[2]=debug
[pam_yubico.c:parse_cfg(768)] id=-1
[pam_yubico.c:parse_cfg(769)] key=(null)
[pam_yubico.c:parse_cfg(770)] debug=1
[pam_yubico.c:parse_cfg(771)] alwaysok=0
[pam_yubico.c:parse_cfg(772)] verbose_otp=0
[pam_yubico.c:parse_cfg(773)] try_first_pass=0
[pam_yubico.c:parse_cfg(774)] use_first_pass=0
[pam_yubico.c:parse_cfg(775)] authfile=/etc/yubikey_mappings
[pam_yubico.c:parse_cfg(776)] ldapserver=(null)
[pam_yubico.c:parse_cfg(777)] ldap_uri=(null)
[pam_yubico.c:parse_cfg(778)] ldapdn=(null)
[pam_yubico.c:parse_cfg(779)] user_attr=(null)
[pam_yubico.c:parse_cfg(780)] yubi_attr=(null)
[pam_yubico.c:parse_cfg(781)] yubi_attr_prefix=(null)
[pam_yubico.c:parse_cfg(782)] url=(null)
[pam_yubico.c:parse_cfg(783)] urllist=(null)
[pam_yubico.c:parse_cfg(784)] capath=(null)
[pam_yubico.c:parse_cfg(785)] token_id_length=12
[pam_yubico.c:parse_cfg(786)] mode=client
[pam_yubico.c:parse_cfg(787)] chalresp_path=(null)
[pam_yubico.c:pam_sm_authenticate(830)] get user returned: username
[pam_yubico.c:pam_sm_authenticate(972)] conv returned 44 bytes
[pam_yubico.c:pam_sm_authenticate(990)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(997)] OTP: [redacted] ID: [redacted]
[pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (4): Request was missing a parameter (MISSING_PARAMETER)
[pam_yubico.c:pam_sm_authenticate(1091)] done. [Authentication service cannot retrieve authentication info]
Anyone have any idea why this happens?