Yubico Forum
https://forum.yubico.com/

OS X 10.10.2 Challange Response kind of working...not
https://forum.yubico.com/viewtopic.php?f=26&t=1732		 Page 1 of 1
Author:  megatraveller2 [ Wed Feb 04, 2015 4:27 pm ]
Post subject:  OS X 10.10.2 Challange Response kind of working...not
Hi,

I implemented my new Yubikey into my OS X PAM like described within https://developers.yubico.com/yubico-pam/MacOS_X_Challenge-Response.html

I entered the
Code:
auth       sufficient     pam_yubico.so mode=challenge-response debug
line into /etc/pam.d/sudo

That is what I get as Output when I try to sudo:

Code:
55-555-1::[20150204-160652]::mT@yg:~
$ sudo -i
Password:
debug: pam_yubico.c:764 (parse_cfg): called.
debug: pam_yubico.c:765 (parse_cfg): flags -2147483648 argc 2
debug: pam_yubico.c:767 (parse_cfg): argv[0]=mode=challenge-response
debug: pam_yubico.c:767 (parse_cfg): argv[1]=debug
debug: pam_yubico.c:768 (parse_cfg): id=-1
debug: pam_yubico.c:769 (parse_cfg): key=(null)
debug: pam_yubico.c:770 (parse_cfg): debug=1
debug: pam_yubico.c:771 (parse_cfg): alwaysok=0
debug: pam_yubico.c:772 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:773 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:774 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:775 (parse_cfg): authfile=(null)
debug: pam_yubico.c:776 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:777 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:778 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:779 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:780 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:781 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:782 (parse_cfg): url=(null)
debug: pam_yubico.c:783 (parse_cfg): urllist=(null)
debug: pam_yubico.c:784 (parse_cfg): capath=(null)
debug: pam_yubico.c:785 (parse_cfg): token_id_length=12
debug: pam_yubico.c:786 (parse_cfg): mode=chresp
debug: pam_yubico.c:787 (parse_cfg): chalresp_path=(null)
debug: pam_yubico.c:829 (pam_sm_authenticate): get user returned: mT
debug: pam_yubico.c:506 (do_challenge_response): Loading challenge from file /Users/mT/.yubico/challenge-3016718
debug: util.c:270 (load_chalresp_state): Challenge: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, iterations: 10000, slot: 2
debug: pam_yubico.c:584 (do_challenge_response): Got the expected response, generating new challenge (63 bytes).
debug: pam_yubico.c:664 (do_challenge_response): Challenge-response success!


So, it give me a success at the end, but OS X seems to be really unimpressed by this and still ask me for the password -.-

Where do I go wrong? :/

I already searched for one week, but of course I do also not want to brick my box, by removing password auth from the /etc/pam.d/sudo

It also fails when I try to do the same in the file /etc/pam.d/screensaver :(

Advance Thanks
Author:  megatraveller2 [ Fri Feb 13, 2015 3:05 pm ]
Post subject:  Re: OS X 10.10.2 Challange Response kind of working...not
So, at least I got that far https://github.com/Yubico/yubico-pam/is ... t-74229128

Maybe I will find here somebody who got the Screensaver login on OS X 10.10 up and running.
Author:  basteed [ Sat Sep 26, 2015 8:06 pm ]
Post subject:  Re: OS X 10.10.2 Challange Response kind of working...not
megatraveller2 wrote:
So, at least I got that far https://github.com/Yubico/yubico-pam/is ... t-74229128

Maybe I will find here somebody who got the Screensaver login on OS X 10.10 up and running.

I have just got screensaver 2FA working on 10.10.5 using homebrew installed pam_yubico and my Neo-n

As described here YubiKey expects to find the pam_yubico.so file in /usr/lib/pam. Homebrew of course cannot install to system dirs (requires sudo), so I moved it there from the homebrew installed location - for v2.19:
Code:
sudo mv /usr/local/Cellar/pam_yubico/2.19/lib/security/pam_yubico.so /usr/lib/pam/pam_yubico.so

You could use a sym link, but that may be a problem when you upgrade to newer version, as the path will change.
Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/