Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:29 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Mon Jan 28, 2013 3:14 pm 
Offline

Joined: Mon Jan 28, 2013 3:06 pm
Posts: 8
Hi all,

I have just setup my yubikey in order to login my Laptop under Debian. It is working but something is strange.
When I reach the login page, I am prompted with the yubikey field. If I press the button I am logged in.
But If I enter my password instead, I am asked the password a second time and them I am logged in. I'd like to make the yubikey mandatory, so that if it is not present, I can't login on my laptop.

Do you know how I can do ?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jan 29, 2013 9:12 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello Moulip,

it sounds like you did not configured correctly PAM.

Please have a look at those links:

https://www.berrange.com/posts/2011/12/ ... -together/

or

viewtopic.php?f=16&t=822

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 29, 2013 2:52 pm 
Offline

Joined: Mon Jan 28, 2013 3:06 pm
Posts: 8
thank you for your answer.
I think PAM is well configured. But What I'd wish was to make the login impossible if the yubikey was not present.
And in this case, if the Yubikey is not present, I can still login with password.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 29, 2013 3:20 pm 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
That's why you should look at PAM configuration.

You probably are falling back to normal username and password if the Yubikey fails.

Are you using the Yubikey in challenge-response mode?

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 29, 2013 4:26 pm 
Offline

Joined: Mon Jan 28, 2013 3:06 pm
Posts: 8
Actually I am using it the way it is when supplied.
I have not changed anything. I think it is working in OTP.
And It is working because I am prompted the yubikey field and when I press the button I am connected.
Furthermore the links you gave me are for SSH connections and I am looking for performing local connections.


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 04, 2013 11:29 am 
Offline

Joined: Mon Jan 28, 2013 3:06 pm
Posts: 8
I have made some tests, and I can't use the required statement in my PAM configuration since I am stuck out of the laptop.
Indeed if I put required, the password nor the yubikey are granted.
I can only make it sufficient, and in this case I am using One-factor authentication (password or yubikey) which I don't want.
Do you know how to enable 2 factors authentication for local login ?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group