I have set up pam SSH authentication using yubikey-pam lib and for SSH it works fine (and for sudo too). Since pam module is called by pam-common, yunikey auth is also required for accessing IMAP account and I can't get this to work. The IMAP server is dovecot (debian) and pam-yubikey logs show that there's curl error:
Code:
Jan 2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(990)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
Jan 2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(997)] OTP: REDACTED ID: REDACTED
Jan 2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1012)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
Jan 2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (109): Error performing curl
Jan 2 14:33:36 vps dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1091)] done. [Authentication service cannot retrieve authentication info]
I tried giving both dovecot users real shell (system dovecot accounts have /bin/false as shell) but it doesn't work. I'm out of ideas.
Login
FAQ
Search
