Yubico Forum

PAM Authentication Error
Page 1 of 1

Author:  JulianLG [ Sat Oct 13, 2012 7:12 pm ]
Post subject:  PAM Authentication Error

Hi there,

i set up PAM authentication with yubikey following this guide: http://code.google.com/p/yubico-pam/wik ... dSSHViaPAM
It worked first, without setting a password for the specified client-ID (I think the guide is outdated in that point) but stopped working right now.

In the debug Output I see the following error:
[pam_yubico.c:parse_cfg(437)] called.
[pam_yubico.c:parse_cfg(438)] flags 1 argc 4
[pam_yubico.c:parse_cfg(440)] argv[0]=id=MYID
[pam_yubico.c:parse_cfg(440)] argv[1]=key=MYKEY
[pam_yubico.c:parse_cfg(440)] argv[2]=authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(440)] argv[3]=debug
[pam_yubico.c:parse_cfg(441)] id=MYID
[pam_yubico.c:parse_cfg(442)] key=MYKEY
[pam_yubico.c:parse_cfg(443)] debug=1
[pam_yubico.c:parse_cfg(444)] alwaysok=0
[pam_yubico.c:parse_cfg(445)] verbose_otp=0
[pam_yubico.c:parse_cfg(446)] try_first_pass=0
[pam_yubico.c:parse_cfg(447)] use_first_pass=0
[pam_yubico.c:parse_cfg(448)] authfile=/etc/yk_mapping
[pam_yubico.c:parse_cfg(449)] ldapserver=(null)
[pam_yubico.c:parse_cfg(450)] ldap_uri=(null)
[pam_yubico.c:parse_cfg(451)] ldapdn=(null)
[pam_yubico.c:parse_cfg(452)] user_attr=(null)
[pam_yubico.c:parse_cfg(453)] yubi_attr=(null)
[pam_yubico.c:parse_cfg(454)] url=(null)
[pam_yubico.c:parse_cfg(455)] capath=(null)
[pam_yubico.c:parse_cfg(456)] token_id_length=12
[pam_yubico.c:pam_sm_authenticate(489)] get user returned: root
[pam_yubico.c:pam_sm_authenticate(582)] conv returned 53 bytes
[pam_yubico.c:pam_sm_authenticate(600)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(607)] OTP: vvukhfbhndnctgbvjvgnliuviejujjkbfjklnucjbulg ID: vvukhfbhndnc
[pam_yubico.c:pam_sm_authenticate(617)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
[pam_yubico.c:pam_sm_authenticate(633)] ykclient return value (3): Request signature was invalid (BAD_SIGNATURE)
[pam_yubico.c:pam_sm_authenticate(675)] done. [Authentication service cannot retrieve authentication info]

Anyway, I correctly set up the pam config with a generated api id and key.

Can't get it to work any more :(

Here are some infos:

OS: OpenSUSE 11.4 (uname output: Linux 85-31-187-128 #1 SMP 2011-10-19 22:33:27 +0200 x86_64 x86_64 x86_64 GNU/Linux)
Installed PAM module Version: 2.5.99_git201103140807

pam config:
auth required pam_yubico.so id=<MYID> key=<MYKEY> authfile=/etc/yk_mapping debug
auth requisite pam_nologin.so
auth include common-auth
account requisite pam_nologin.so
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_lastlog.so silent noupdate showfailed

I'm using the online yubico validation service.

Hope you can help me!
Thanks in advance!

All the best,

Author:  JulianLG [ Sun Oct 14, 2012 3:51 pm ]
Post subject:  Re: PAM Authentication Error

OK, I solved it by setting up my own validation server (which is what looks like the better way for me), which works :)

Thanks anyways!

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group