Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:16 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Thu Feb 12, 2015 10:06 pm 
Offline

Joined: Thu Feb 12, 2015 10:00 pm
Posts: 2
Hi,

I'm trying to get Openvpn to work with pam on pfsense. So far, no luck. In order to debug it, i tried using in in the /etc/pam.d/su file, with the following result:

Code:
debug: pam_yubico.c:764 (parse_cfg): called.
debug: pam_yubico.c:765 (parse_cfg): flags 0 argc 3
debug: pam_yubico.c:767 (parse_cfg): argv[0]=id=16
debug: pam_yubico.c:767 (parse_cfg): argv[1]=authfile=/etc/yubikeyid
debug: pam_yubico.c:767 (parse_cfg): argv[2]=debug
debug: pam_yubico.c:768 (parse_cfg): id=16
debug: pam_yubico.c:769 (parse_cfg): key=(null)
debug: pam_yubico.c:770 (parse_cfg): debug=1
debug: pam_yubico.c:771 (parse_cfg): alwaysok=0
debug: pam_yubico.c:772 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:773 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:774 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:775 (parse_cfg): authfile=/etc/yubikeyid
debug: pam_yubico.c:776 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:777 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:778 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:779 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:780 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:781 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:782 (parse_cfg): url=(null)
debug: pam_yubico.c:783 (parse_cfg): urllist=(null)
debug: pam_yubico.c:784 (parse_cfg): capath=(null)
debug: pam_yubico.c:785 (parse_cfg): token_id_length=12
debug: pam_yubico.c:786 (parse_cfg): mode=client
debug: pam_yubico.c:787 (parse_cfg): chalresp_path=(null)
debug: pam_yubico.c:829 (pam_sm_authenticate): get user returned: XXXX
YubiKey for `davand01':
debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 44 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: XXXXXXXXXXX ID: XXXXXXXX


But after this point, nothing happens. I also tried using tcpdump -i host api.yubico.com, but that yields no result what so ever. What could be wrong? I used the pam_yubico that's available as a package for freebsd.

Any ideas?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Feb 17, 2015 8:32 am 
Offline

Joined: Thu Feb 12, 2015 10:00 pm
Posts: 2
Debug output shows the following:
Quote:
debug: pam_yubico.c:972 (pam_sm_authenticate): conv returned 45 bytes
debug: pam_yubico.c:990 (pam_sm_authenticate): Skipping first 1 bytes. Length is 45, token_id set to 12 and token OTP always 32.
debug: pam_yubico.c:997 (pam_sm_authenticate): OTP: sdfölkjasdflökjasdflökjasdflökjasdfölkj ID: sdfölkjasdf
debug: pam_yubico.c:1012 (pam_sm_authenticate): Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK


And upon looking at the file pam_yubico.c [https://github.com/Yubico/yubico-pam-dpkg/blob/master/pam_yubico.c], the pam apparently stalls somewhere within these lines of code:
Code:
      retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
      free (onlypasswd);
      if (retval != PAM_SUCCESS)
   {
     DBG (("set_item returned error: %s", pam_strerror (pamh, retval)));
     goto done;
   }
    }
  else
    password = NULL;

  rc = ykclient_request (ykc, otp);


My suspicion is that it is the ykclient_request (ykc, otp) that won't work... But all libs are installed and linked into /usr/lib... Any ideas?

BR
//David


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group