| Yubico Forum https://forum.yubico.com/ |
|
| Suppressing PAM output for console login https://forum.yubico.com/viewtopic.php?f=5&t=592 |
Page 1 of 1 |
| Author: | tfritz [ Thu Nov 04, 2010 7:55 pm ] |
| Post subject: | Suppressing PAM output for console login |
I am seeing some output that I would like to suppress. I am running Debian Lenny 5.06 and have configured /etc/pam.d/login to use yubikey auth by adding the line: auth required pam_yubico.so id=16 This works fine except it prints the following during login. yubi-server login: root Yubikey for `root': [pam_yubico.c:check_user_token(117)] Authorization line: root:cccccccedtej:cccccccfgfve [pam_yubico.c:check_user_token(121)] Matched user: root [pam_yubico.c:check_user_token(125)] Authorization token: cccccccedtej [pam_yubico.c:check_user_token(128)] Match user/token as root/cccccccedtej Password: Is there a way to suppress this output? Thanks, Tom |
|
| Author: | Le_Coyote [ Thu Apr 14, 2011 1:20 pm ] |
| Post subject: | Re: Suppressing PAM output for console login |
Hi, I confirm the issue. A few statements in check_user_token() are preceded with the D macro. This macro is defined in util.h if DEBUG_PAM is defined, which is basically always, unless you remove it from Makefile's DEFS. Maybe we could move line 630 Code: #define DBG(x) if (cfg.debug) { D(x); } to the top, and replace calls to D with calls to DBG ? Cheers, Le Coyote |
|
| Author: | Fredrik-at-Yubico [ Thu Apr 14, 2011 2:25 pm ] |
| Post subject: | Re: Suppressing PAM output for console login |
Thanks for reporting. It is obviously not right to display that output when 'debug' is not requested, no. I can look into this if you add an issue to the issue tracker for yubico-pam http://code.google.com/p/yubico-pam/issues/list, but it will happen much sooner if you also supply me with a pull request on Github  . https://github.com/Yubico/yubico-pam/Fredrik |
|
| Author: | Le_Coyote [ Fri Apr 15, 2011 1:43 pm ] |
| Post subject: | Re: Suppressing PAM output for console login |
Hi there, It's done, you should have a message on github. Cheers, Le Coyote |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|