Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:25 pm

View unanswered posts | View active topics


Board index » Yubico Software » Computer Logon - Windows | Linux | MacOS | freeBSD

All times are UTC + 1 hour




Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | Next topic 
Author Message
erikindre
PostPosted: Sat Feb 04, 2017 12:35 am 
Offline

Joined: Fri Feb 03, 2017 5:25 am
Posts: 2
Hi,
I just purchased my Yubikey4 which I intended to use for one-factor authentication for logon to Fedora 25.

I followed the instructions found here: http://blog.fpmurphy.com/2010/11/enable ... ra-14.html

This works fine for the GDM password authentication. However, immediately after logon I get a GNOME keyring popup prompting me for the password to continue. I've never seen this prompt before. After entering my keyring password everything works fine, but the whole idea was to avoid having to write my password. My GNOME keyring password and my user logon password are identical.

I'm a long time Linux user, but no expert on administration and configuration. What's causing this? Any suggestions on how to solve it?

Here is my gdm-password file:
Code:
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth  sufficient pam_yubico.so  id=16 authfile=/etc/yubikeys
auth        optional      pam_gnome_keyring.so
auth        include       postlogin
account     required      pam_nologin.so
account     include       password-auth
password    substack       password-auth
-password   optional       pam_gnome_keyring.so use_authtok
session     required      pam_selinux.so close
session     required      pam_loginuid.so
session     optional      pam_console.so
session     required      pam_selinux.so open
session     optional      pam_keyinit.so force revoke
session     required      pam_namespace.so
session     include       password-auth
session     optional      pam_gnome_keyring.so auto_start
session     include       postlogin


Thanks,
Erik
Top
 Profile  
Reply with quote  

Share On:
Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

mattlegitt
PostPosted: Sat Feb 04, 2017 2:11 am 
Offline
Yubico Moderator
Yubico Moderator

Joined: Tue Jan 05, 2016 5:03 pm
Posts: 27
Hello Erik,

It looks as though you may have typo in your config file I see a "-password optional pam_gnome_keyring.so use_authtok" if you were commenting it out it should be "#password optional pam_gnome_keyring.so use_authtok"

Best Regards,
Matthew
Yubico Support
Top
 Profile  
Reply with quote  
erikindre
PostPosted: Sat Feb 04, 2017 3:55 am 
Offline

Joined: Fri Feb 03, 2017 5:25 am
Posts: 2
I'm pretty confident I never edited this line. This is what it looked like originally, but I honestly don't know what the - symbol does. I did try to comment it out and that didn't make any difference.

edit: I've tried anything including commenting this line out, and removing the "-", this makes no difference. I'm assuming the problem is that since there is no password authentication any more, GNOME keyring doesn't have any way to authenticate using the login password. I'm now trying to set a blank keyring password, but I can't find a way to make that work either.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 

Board index » Yubico Software » Computer Logon - Windows | Linux | MacOS | freeBSD

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group