Yubico Forum
https://forum.yubico.com/

sudo command in OS X authorizes without key
https://forum.yubico.com/viewtopic.php?f=23&t=2152

Author:  ZIm [ Thu Jan 07, 2016 10:28 pm ]
Post subject:  sudo command in OS X authorizes without key

I have just configured my OS X El Capitan for 2 factor authentication. It works for logins and authenticating features that require unlocking the lock icon in system settings. What I did notice though is that the sudo command authenticates without the yubikey in the usb port. Is there a special setting for this? Isn't adding yubico_pam.so in /etc/pam.d/authorization supposed to protect all authorization in OS X?

Author:  bmorgenthaler [ Fri Jan 15, 2016 11:56 pm ]
Post subject:  Re: sudo command in OS X authorizes without key

Sudo has its own pam configuration module. I have pam_yubico configured in the following locations:

Code:
$ grep yubi /etc/pam.d/*
/etc/pam.d/authorization:auth       required       pam_yubico.so mode=challenge-response
/etc/pam.d/screensaver:auth       required       pam_yubico.so mode=challenge-response
/etc/pam.d/sudo:auth       required       pam_yubico.so mode=challenge-response


This covers logins (not filevault), screensaver and sudo.
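
An added example, not part of the thread: a shell check that reports, per PAM service file, whether an active `auth` line loads `pam_yubico.so` and whether its control flag makes the key mandatory. The function name `check_pam_yubico` is hypothetical, and the check assumes the plain `type control module args` line layout shown in the grep output above.

```shell
#!/bin/sh
# Added example (not from the forum thread). Audits PAM service files for an
# uncommented auth line that loads pam_yubico.so.
#
# Usage: check_pam_yubico /etc/pam.d authorization screensaver sudo
#
# Per service it prints one of:
#   enforced      - auth line present with control "required" or "requisite"
#   not-required  - module present, but its control flag lets auth succeed
#                   without it (for example "sufficient" or "optional")
#   missing       - no active pam_yubico auth line (commented lines ignored)
#   no such file  - the service has no file in the given directory
# Returns 0 only if every listed service is "enforced".
check_pam_yubico() {
    dir=$1; shift
    rc=0
    for svc in "$@"; do
        file="$dir/$svc"
        if [ ! -f "$file" ]; then
            echo "$svc: no such file"
            rc=1
            continue
        fi
        # Assumes simple "type control module [args]" lines, so the module
        # path is field 3. Bracketed controls ([success=1 ...]) are not parsed.
        state=$(awk '
            /^[[:space:]]*#/ { next }   # a commented-out line gives no coverage
            $1 == "auth" && $3 ~ /(^|\/)pam_yubico\.so$/ {
                s = ($2 == "required" || $2 == "requisite") ? "enforced" : "not-required"
                if (best != "enforced") best = s
            }
            END { print (best == "" ? "missing" : best) }' "$file")
        echo "$svc: $state"
        [ "$state" = "enforced" ] || rc=1
    done
    return $rc
}
```

Running it against `/etc/pam.d` with the three services from the post makes a gap like the one in the original question show up as `sudo: missing`.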

All times are UTC + 1 hour