Yubico Forum https://forum.yubico.com/ |
[BUG] pam config no longer working after SSL renewal https://forum.yubico.com/viewtopic.php?f=23&t=1448 |
Author: | hobleyd [ Wed Aug 20, 2014 1:24 pm ] |
Post subject: | [BUG] pam config no longer working after SSL renewal |
Hello,

I have a couple of Yubikeys which I have configured with my own authentication server; I have pam configured to use that server and it has all been working well. I renewed my SSL certificates a few days ago and since then, the pam authentication has failed to work. If I put pam into debug mode, I get:

    [pam_yubico.c:pam_sm_authenticate(972)] conv returned 44 bytes
    [pam_yubico.c:pam_sm_authenticate(990)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
    [pam_yubico.c:pam_sm_authenticate(997)] OTP: <OTP> ID: cccccccccccb
    [pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (101): Could not parse server response
    [pam_yubico.c:pam_sm_authenticate(1089)] done. [Authentication service cannot retrieve authentication info]

However, if I run curl from the command line to double check things:

    curl "https://<url>/wsapi/2.0/verify?id=1&otp=cccccccccccbuejgbetvinrggvhbblghibrlbnefudif&nonce=12345678901234567890"
    h=ZNrvPCKBjfbPA6sVuBaIQcZ2wtc=
    t=2014-08-20T10:50:53Z0954
    otp=cccccccccccbuejgbetvinrggvhbblghibrlbnefudif
    nonce=12345678901234567890
    sl=0
    status=OK

If I put the old SSL certs back in place, everything starts working again. The only thing I can think of is that I use a 4096 byte SSL key, rather than the standard 2048 - could this cause the issue?

Any idea how I can debug things? The rest of my SSL infrastructure works fine - Firefox recognises everything as normal; curl has no issues, I don't really know where to go next...

The pam config is:

    auth sufficient pam_yubico.so debug id=1 url=https://<url>/wsapi/2.0/verify?id=%d&otp=%s

Cheers,
David |
All times are UTC + 1 hour |