Hello, I just received my YubiKey and I am trying to configure OpenVPN with PAM on CentOS 5.5 32-bit (tried on 64-bit too). I'm not using RADIUS.
I installed ykclient and can authenticate against the api.yubico.com server.
I can connect and use OpenVPN with certs + username + password.
I modified the server file for YubiKey + OpenVPN (last line):
server.conf
Code:
local 192.168.4.16
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/vpn.lexum.com.crt
crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.5.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option WINS 192.168.4.29"
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
username-as-common-name
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
Now I create several files:
/etc/pam.d/openvpn
Code:
#%PAM-1.0
auth required /lib/security/pam_yubico.so id=2 authfile=/etc/openvpn/yubikey_mapping
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
and /etc/openvpn/yubikey_mapping
Code:
user1:ccccceedtieb
Now on the Windows station I launch the OpenVPN client and type at the prompt:
username
password + press the YubiKey to get the OTP
But I get this error:
Quote:
PAM unable to dlopen(/lib/security/pam_yubico.so)
Oct 5 16:46:41 parma openvpn[3730]: PAM [error: /lib/security/pam_yubico.so: undefined symbol: pam_set_data]
Oct 5 16:46:41 parma openvpn[3730]: PAM adding faulty module: /lib/security/pam_yubico.so
There is no connection to api.yubico.com (using tcpdump).
I tried with pam_yubico 2.1.2 (EPEL repository) and 2.5 from source, but the problem is always the same.
Any idea?
TX
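
Added example, not part of the original post and not pam_yubico's own code: a local sanity check of the setup described above, showing how the typed "password+OTP" field splits and how the OTP's public ID is matched against an authfile line such as the one in /etc/openvpn/yubikey_mapping. It assumes the usual 44-character modhex OTP with a 12-character public ID; the function names and the sample OTP payload are constructed for illustration.

```python
# Added illustration; not pam_yubico source code.
MODHEX = set("cbdefghijklnrtuv")   # alphabet a YubiKey types its OTPs in
ID_LEN = 12      # assumed public-ID length
OTP_LEN = 44     # assumed: 12-char public ID + 32 chars of encrypted payload


def parse_authfile(text):
    """Return {username: set(public_ids)} from 'user:id[:id...]' lines."""
    mapping = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, *ids = line.split(":")
        if not user or not ids:
            raise ValueError(f"line {n}: expected user:public_id")
        for pid in ids:
            if len(pid) != ID_LEN or not set(pid) <= MODHEX:
                raise ValueError(f"line {n}: bad public ID {pid!r}")
        mapping.setdefault(user, set()).update(ids)
    return mapping


def split_credential(field):
    """Split the typed 'password+OTP' field into (password, otp)."""
    if len(field) < OTP_LEN:
        raise ValueError("field too short to contain an OTP")
    password, otp = field[:-OTP_LEN], field[-OTP_LEN:]
    if not set(otp) <= MODHEX:
        raise ValueError("trailing 44 characters are not modhex")
    return password, otp


def token_allowed(mapping, user, field):
    """True if the OTP's public ID is mapped to this user (local check only)."""
    _, otp = split_credential(field)
    return otp[:ID_LEN] in mapping.get(user, set())


# Constructed sample data: mapping line from the post, made-up OTP payload.
AUTHFILE = "user1:ccccceedtieb\n"
SAMPLE_OTP = "ccccceedtieb" + "cbdefghijklnrtuv" * 2

if __name__ == "__main__":
    m = parse_authfile(AUTHFILE)
    print(split_credential("s3cret" + SAMPLE_OTP))
    print(token_allowed(m, "user1", "s3cret" + SAMPLE_OTP))
```

This only checks the format and the user-to-token mapping; the OTP itself still has to be verified by the validation service.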