Yubico Forum https://forum.yubico.com/ |
pam_yubico stalls, no api response https://forum.yubico.com/viewtopic.php?f=3&t=1742 |
Author: | davand01 [ Thu Feb 12, 2015 10:06 pm ] |
Post subject: | pam_yubico stalls, no api response |
Hi, I'm trying to get OpenVPN to work with pam on pfSense. So far, no luck. In order to debug it, I tried using it in the /etc/pam.d/su file, with the following result:

Code:
debug: pam_yubico.c:764 (parse_cfg): called.
debug: pam_yubico.c:765 (parse_cfg): flags 0 argc 3
debug: pam_yubico.c:767 (parse_cfg): argv[0]=id=16
debug: pam_yubico.c:767 (parse_cfg): argv[1]=authfile=/etc/yubikeyid
debug: pam_yubico.c:767 (parse_cfg): argv[2]=debug
debug: pam_yubico.c:768 (parse_cfg): id=16
debug: pam_yubico.c:769 (parse_cfg): key=(null)
debug: pam_yubico.c:770 (parse_cfg): debug=1
debug: pam_yubico.c:771 (parse_cfg): alwaysok=0
debug: pam_yubico.c:772 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:773 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:774 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:775 (parse_cfg): authfile=/etc/yubikeyid
debug: pam_yubico.c:776 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:777 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:778 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:779 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:780 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:781 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:782 (parse_cfg): url=(null)
debug: pam_yubico.c:783 (parse_cfg): urllist=(null)
debug: pam_yubico.c:784 (parse_cfg): capath=(null)
debug: pam_yubico.c:785 (parse_cfg): token_id_length=12
debug: pam_yubico.c:786 (parse_cfg): mode=client
debug: pam_yubico.c:787 (parse_cfg): chalresp_path=(null)
debug: pam_yubico.c:829 (pam_sm_authenticate): get user returned: XXXX
YubiKey for `davand01':
debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 44 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: XXXXXXXXXXX ID: XXXXXXXX

But after this point, nothing happens. I also tried using tcpdump -i host api.yubico.com, but that yields no result whatsoever.
What could be wrong? I used the pam_yubico that's available as a package for FreeBSD. Any ideas? |
Author: | davand01 [ Tue Feb 17, 2015 8:32 am ] |
Post subject: | Re: pam_yubico stalls, no api response |
Debug output shows the following:

Quote:
debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 45 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 1 bytes. Length is 45, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: sdfölkjasdflökjasdflökjasdflökjasdfölkj ID: sdfölkjasdf
debug: pam_yubico.c:1012 (pam_sm_authenticate): Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK

And upon looking at the file pam_yubico.c [https://github.com/Yubico/yubico-pam-dpkg/blob/master/pam_yubico.c], the pam apparently stalls somewhere within these lines of code:

Code:
      retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
      free (onlypasswd);
      if (retval != PAM_SUCCESS)
        {
          DBG (("set_item returned error: %s", pam_strerror (pamh, retval)));
          goto done;
        }
    }
  else
    password = NULL;

  rc = ykclient_request (ykc, otp);

My suspicion is that it is the ykclient_request (ykc, otp) that won't work... But all libs are installed and linked into /usr/lib... Any ideas?

BR //David |
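Added example, not part of either post and not pam_yubico's own code: a C sketch of the split that the "Skipping first N bytes" and "Extracted a probable system password" debug lines describe, where everything typed before the last token_id_length + 32 bytes is treated as a password and handed on as PAM_AUTHTOK. The names split_input and struct split_result are hypothetical, the sample input is constructed, and rejecting input shorter than a full token is this example's choice.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_OTP_LEN 32   /* "token OTP always 32" in the debug output */
#define MAX_ID_LEN    64   /* example limit, not taken from pam_yubico */

/* Hypothetical result type for this example. */
struct split_result {
    size_t skip_bytes;                          /* bytes before the token */
    char   password[128];                       /* would become PAM_AUTHTOK */
    char   token_id[MAX_ID_LEN + 1];            /* public ID, start of token */
    char   otp[MAX_ID_LEN + TOKEN_OTP_LEN + 1]; /* ID + 32-byte OTP part */
};

/* Returns 0 on success, -1 if the input cannot hold a full token. */
int split_input(const char *input, size_t token_id_length,
                struct split_result *out)
{
    size_t len = strlen(input);
    size_t token_len = token_id_length + TOKEN_OTP_LEN;

    if (token_id_length > MAX_ID_LEN || len < token_len)
        return -1;
    out->skip_bytes = len - token_len;          /* "Skipping first N bytes" */
    if (out->skip_bytes >= sizeof out->password)
        return -1;

    memcpy(out->password, input, out->skip_bytes);
    out->password[out->skip_bytes] = '\0';
    memcpy(out->otp, input + out->skip_bytes, token_len);
    out->otp[token_len] = '\0';
    memcpy(out->token_id, out->otp, token_id_length);
    out->token_id[token_id_length] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed input: 1 stray byte + 12-byte ID + 32-byte OTP = 45 bytes,
       the same shape as the second post's log (Length is 45, skip 1). */
    const char *in = "x" "cccccc" "cccccb"
                     "dddddddd" "dddddddd" "dddddddd" "dddddddd";
    struct split_result r;

    if (split_input(in, 12, &r) != 0) {
        puts("input too short for a token");
        return 1;
    }
    printf("skip=%zu password=\"%s\" id=%s\n",
           r.skip_bytes, r.password, r.token_id);
    return 0;
}
```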
All times are UTC + 1 hour |