Yubico Forum


All times are UTC + 1 hour

 Post subject: PAM Authentication Error
Posted: Sat Oct 13, 2012 7:12 pm

Joined: Sat Oct 13, 2012 7:05 pm
Posts: 2
Hi there,

I set up PAM authentication with YubiKey following this guide: http://code.google.com/p/yubico-pam/wik ... dSSHViaPAM
It worked at first, without setting a password for the specified client-ID (I think the guide is outdated on that point), but stopped working right now.

In the debug output I see the following error:
[pam_yubico.c:parse_cfg(437)] called.
[pam_yubico.c:parse_cfg(438)] flags 1 argc 4
[pam_yubico.c:parse_cfg(440)] argv[0]=id=MYID
[pam_yubico.c:parse_cfg(440)] argv[1]=key=MYKEY
[pam_yubico.c:parse_cfg(440)] argv[2]=authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(440)] argv[3]=debug
[pam_yubico.c:parse_cfg(441)] id=MYID
[pam_yubico.c:parse_cfg(442)] key=MYKEY
[pam_yubico.c:parse_cfg(443)] debug=1
[pam_yubico.c:parse_cfg(444)] alwaysok=0
[pam_yubico.c:parse_cfg(445)] verbose_otp=0
[pam_yubico.c:parse_cfg(446)] try_first_pass=0
[pam_yubico.c:parse_cfg(447)] use_first_pass=0
[pam_yubico.c:parse_cfg(448)] authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(449)] ldapserver=(null)
[pam_yubico.c:parse_cfg(450)] ldap_uri=(null)
[pam_yubico.c:parse_cfg(451)] ldapdn=(null)
[pam_yubico.c:parse_cfg(452)] user_attr=(null)
[pam_yubico.c:parse_cfg(453)] yubi_attr=(null)
[pam_yubico.c:parse_cfg(454)] url=(null)
[pam_yubico.c:parse_cfg(455)] capath=(null)
[pam_yubico.c:parse_cfg(456)] token_id_length=12
[pam_yubico.c:pam_sm_authenticate(489)] get user returned: root
[pam_yubico.c:pam_sm_authenticate(582)] conv returned 53 bytes
[pam_yubico.c:pam_sm_authenticate(600)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(607)] OTP: vvukhfbhndnctgbvjvgnliuviejujjkbfjklnucjbulg ID: vvukhfbhndnc
[pam_yubico.c:pam_sm_authenticate(617)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
[pam_yubico.c:pam_sm_authenticate(633)] ykclient return value (3): Request signature was invalid (BAD_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(675)] done. [Authentication service cannot retrieve authentication info]

Anyway, I correctly set up the pam config with a generated api id and key.

Can't get it to work any more :(

Here is some info:

OS: OpenSUSE 11.4 (uname output: Linux 85-31-187-128 #1 SMP 2011-10-19 22:33:27 +0200 x86_64 x86_64 x86_64 GNU/Linux)
Installed PAM module Version: 2.5.99_git201103140807

pam config:
auth required pam_yubico.so id=<MYID> key=<MYKEY> authfile=/etc/yk_mapping debug
auth requisite pam_nologin.so
auth include common-auth
account requisite pam_nologin.so
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_lastlog.so silent noupdate showfailed

I'm using the online yubico validation service.

Hope you can help me!
Thanks in advance!

All the best,


Posted: Sun Oct 14, 2012 3:51 pm

Joined: Sat Oct 13, 2012 7:05 pm
Posts: 2
OK, I solved it by setting up my own validation server (which looks like the better way for me), which works :)

Thanks anyways!

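Added example, not part of the thread and not code from pam_yubico or ykclient: it reproduces the password/OTP split reported in the debug log and shows how a validation server arrives at BAD_SIGNATURE when the key in the PAM config differs from the key stored for that client id. It assumes the Yubico validation protocol 2.0 signing rule (HMAC-SHA1 over the alphabetically sorted `key=value` pairs joined with `&`, keyed with the base64-decoded API key); the function names, password, keys, nonce and client id are constructed for illustration.

```python
import base64
import hashlib
import hmac

OTP_LEN = 32  # modhex chars after the public ID ("token OTP always 32")

def split_response(response, token_id_length=12):
    """Split the PAM conversation reply into (password, otp, public_id)."""
    total = token_id_length + OTP_LEN
    if len(response) < total:
        raise ValueError("reply is shorter than one OTP")
    skip = len(response) - total          # 53 - 44 = 9 in the log above
    otp = response[skip:]
    return response[:skip], otp, otp[:token_id_length]

def sign(params, api_key_b64):
    """Compute the 'h' value: HMAC-SHA1 over sorted key=value pairs."""
    key = base64.b64decode(api_key_b64, validate=True)  # raises on a mangled key
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    mac = hmac.new(key, msg.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def server_status(params, stored_key_b64):
    """What a validation server decides about the signature alone."""
    expected = sign(params, stored_key_b64).encode()
    given = str(params.get("h", "")).encode()
    return "OK" if hmac.compare_digest(given, expected) else "BAD_SIGNATURE"

def build_request(client_id, otp, nonce, api_key_b64):
    """Client side: assemble the request parameters and append the signature."""
    params = {"id": client_id, "otp": otp, "nonce": nonce}
    params["h"] = sign(params, api_key_b64)
    return params

# Constructed sample data: the password, keys and nonce are made up.
PAGE_OTP = "vvukhfbhndnctgbvjvgnliuviejujjkbfjklnucjbulg"  # OTP shown in the log
REPLY = "S3cretPw!" + PAGE_OTP                              # 9 + 44 = 53 bytes
KEY_ON_SERVER = base64.b64encode(b"A" * 20).decode()
KEY_IN_PAM_CONFIG = base64.b64encode(b"B" * 20).decode()    # does not match

if __name__ == "__main__":
    password, otp, public_id = split_response(REPLY)
    print(len(password), public_id)
    nonce = "0123456789abcdef0123"
    good = build_request("1", otp, nonce, KEY_ON_SERVER)
    bad = build_request("1", otp, nonce, KEY_IN_PAM_CONFIG)
    print(server_status(good, KEY_ON_SERVER), server_status(bad, KEY_ON_SERVER))
```

When chasing this error, compare the `id=`/`key=` pair in the PAM line against what the validation server holds for that id; the debug output echoes the key, so treat those logs as sensitive.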