Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:18 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Wed Aug 20, 2014 10:08 am 
Offline

Joined: Wed Aug 20, 2014 10:00 am
Posts: 5
I can't get Yubikey to work with SSH on RHEL 7 / CentOS 7. I always get the error
Code:
debug1: PAM: initializing for "root"
PAM unable to resolve symbol: pam_sm_authenticate
PAM unable to resolve symbol: pam_sm_setcred
debug1: PAM: setting PAM_RHOST to "192.168.122.1"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user root service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
password check failed for user (root)
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.122.1  user$
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
debug1: PAM: password authentication failed for root: Module is unknown

This is what I did to install Yubikey on RHEL 7 / CentOS 7:
Code:
rpm -Uvh http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum -y install libyubikey

In /etc/pam.d/sshd:
Code:
#%PAM-1.0
auth required /usr/lib64/libyubikey.so id=16 authfile=/etc/yubikey_mappings
...the rest of the file

In /etc/yubikey_mappings:
Code:
root:cccc....

Code:
systemctl restart sshd.service

But no luck. On RHEL 6 and CentOS 6, everything is working fine.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Sep 23, 2014 10:11 pm 
Offline

Joined: Tue Sep 23, 2014 9:22 pm
Posts: 1
I got a little further than you did.

I did the same bits with yum, but placed my "auth sufficient libyubikey.so id=16 authfile=/etc/yubikey_mappings" (note the change from "required" to "sufficient" line in /etc/pam.d/password-auth

I then realized that CentOS 7 was looking in /usr/lib64/security for the PAM *.so files, so I went there and linked to the Yubikey library:
Code:
ln -s /usr/lib64/libyubikey.so.0 /usr/lib64/security/libyubikey.so

This yielded an error in /var/log/secure every time I tried to SSH in to my host:
Code:
Sep 23 16:03:46 netservices3 sshd[3961]: PAM unable to resolve symbol: pam_sm_authenticate
Sep 23 16:03:46 netservices3 sshd[3961]: PAM unable to resolve symbol: pam_sm_setcred


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 25, 2014 10:35 am 
Offline

Joined: Wed Aug 20, 2014 10:00 am
Posts: 5
Ok, I tried the same - there is no need to set a symbolic link if you provide the correct filename directly in /etc/pam.d/sshd:

Code:
auth sufficient /usr/lib64/libyubikey.so.0 id=16 authfile=/etc/yubikey_mappings


Despite of that I get the same results:

Code:
PAM unable to resolve symbol: pam_sm_authenticate
PAM unable to resolve symbol: pam_sm_setcred


:(


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 25, 2014 11:48 am 
Offline

Joined: Wed Aug 20, 2014 10:00 am
Posts: 5
If you compile

* ykclient-2.13
* libyubikey-1.12
* ykpers-1.15.3

and

* yubico-pam from Github

then you will get the pam_yubico.so. But activating now results in
Code:
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

This seems due to /etc/pam.d/password-auth:
Code:
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success


But whatever you change here, I can't login using YubiKey.


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 20, 2014 10:01 am 
Offline

Joined: Wed Aug 20, 2014 10:00 am
Posts: 5
@Yubico: is there a solution? Can someone guide me with some hints on this issue?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group