Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:54 am

All times are UTC + 1 hour

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Mon May 14, 2012 2:30 am 

Joined: Mon May 14, 2012 1:55 am
Posts: 2
The Yubico PAM Module seems to require changes to the PAM stack for each user that will be authenticated with a YubiKey. Specifically, it seems that each user's client identity must be added to the right PAM configuration file before the user can be authenticated.

While it makes sense to add authorized keys to an authentication database such as /etc/yubikey_mappings or ~/.yubico/authorized_yubikeys, it seems like a bad practice to have to edit the PAM stack itself for each individual user. I would definitely like to avoid having to hard-code user identities into the PAM stack this way.

So, is it possible to avoid hard-coding the id parameter to the pam_yubico.so module itself? If not, are there any other PAM modules that can leverage YubiKey authentication without hard-coding the stack?

Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed May 16, 2012 12:46 am 

Joined: Wed Jan 11, 2012 8:48 pm
Posts: 5
The id parameter to the PAM module indicates the API key ID, not the user ID. This ID is returned with the key you get from the "Get API Key" form if you're using the public service, or it's in the "clients" table for your internal validation server, along with the API key.

To clarify, when documentation talks about a "client", that's a piece of software requesting authentication services from the API -- a user submits an OTP to the client, which submits it to the server in a request signed with the API key.

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group