Yubico Forum https://forum.yubico.com/ |
|
[Q?] OSX 10.10.5 permits login with wrong password https://forum.yubico.com/viewtopic.php?f=23&t=2029 |
Page 1 of 1 |
Author: | nightcrawler086 [ Sun Sep 13, 2015 10:11 pm ] |
Post subject: | [Q?] OSX 10.10.5 permits login with wrong password |
I might be misunderstanding how this is supposed to work... I'm running OSX 10.10.5 and use a set of yubikeys in CHAP mode for user login and for the screensaver. I tried to log in to my machine today with the wrong password. When I touched my yubikey to send the challenge it let me log in, however I couldn't do much since that password wouldn't unlock my keychain. I tried logging in again to make sure I wasn't mistaken (just typing a random string of characters) and it permitted me to log in again. Is this how it's supposed to work when you change the relevant files in the /etc/pam.d directory? I was expecting it to verify my password and the challenge from my Yubikey to allow me to log in. It does not seem like this is happening. Am I missing something? |
Author: | Tom2 [ Mon Sep 14, 2015 11:19 am ] |
Post subject: | Re: [Q?] OSX 10.10.5 permits login with wrong password |
I am afraid your PAM module is not probably configured. The Yubikey in Challenge Response mode should work without touch. It would be quite tricky to trigger the CR at will by pressing at the right time. did you followed this: https://developers.yubico.com/yubico-pa ... ponse.html ? |
Author: | nightcrawler086 [ Wed Sep 16, 2015 1:59 pm ] |
Post subject: | Re: [Q?] OSX 10.10.5 permits login with wrong password |
You're right. I had rebuilt my mac and put the auth line in there, but had it set to Code: sufficient instead of Code: required Thanks for your help. |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |