Yubico Forum


All times are UTC + 1 hour




PostPosted: Wed Feb 04, 2015 4:27 pm 
Hi,

I integrated my new YubiKey into my OS X PAM setup as described at https://developers.yubico.com/yubico-pam/MacOS_X_Challenge-Response.html

I entered the
Code:
auth       sufficient     pam_yubico.so mode=challenge-response debug
line into /etc/pam.d/sudo

This is what I get as output when I try to sudo:

Code:
55-555-1::[20150204-160652]::mT@yg:~
$ sudo -i
Password:
debug: pam_yubico.c:764 (parse_cfg): called.
debug: pam_yubico.c:765 (parse_cfg): flags -2147483648 argc 2
debug: pam_yubico.c:767 (parse_cfg): argv[0]=mode=challenge-response
debug: pam_yubico.c:767 (parse_cfg): argv[1]=debug
debug: pam_yubico.c:768 (parse_cfg): id=-1
debug: pam_yubico.c:769 (parse_cfg): key=(null)
debug: pam_yubico.c:770 (parse_cfg): debug=1
debug: pam_yubico.c:771 (parse_cfg): alwaysok=0
debug: pam_yubico.c:772 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:773 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:774 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:775 (parse_cfg): authfile=(null)
debug: pam_yubico.c:776 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:777 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:778 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:779 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:780 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:781 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:782 (parse_cfg): url=(null)
debug: pam_yubico.c:783 (parse_cfg): urllist=(null)
debug: pam_yubico.c:784 (parse_cfg): capath=(null)
debug: pam_yubico.c:785 (parse_cfg): token_id_length=12
debug: pam_yubico.c:786 (parse_cfg): mode=chresp
debug: pam_yubico.c:787 (parse_cfg): chalresp_path=(null)
debug: pam_yubico.c:829 (pam_sm_authenticate): get user returned: mT
debug: pam_yubico.c:506 (do_challenge_response): Loading challenge from file /Users/mT/.yubico/challenge-3016718
debug: util.c:270 (load_chalresp_state): Challenge: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, iterations: 10000, slot: 2
debug: pam_yubico.c:584 (do_challenge_response): Got the expected response, generating new challenge (63 bytes).
debug: pam_yubico.c:664 (do_challenge_response): Challenge-response success!


So, it gives me a success at the end, but OS X seems to be really unimpressed by this and still asks me for the password -.-

Where do I go wrong? :/

I have already searched for one week, but of course I also do not want to brick my box by removing password auth from /etc/pam.d/sudo.

It also fails when I try to do the same in the file /etc/pam.d/screensaver :(

Thanks in advance



PostPosted: Fri Feb 13, 2015 3:05 pm 
So, at least I got that far https://github.com/Yubico/yubico-pam/is ... t-74229128

Maybe I will find here somebody who got the Screensaver login on OS X 10.10 up and running.


PostPosted: Sat Sep 26, 2015 8:06 pm 
megatraveller2 wrote:
So, at least I got that far https://github.com/Yubico/yubico-pam/is ... t-74229128

Maybe I will find here somebody who got the Screensaver login on OS X 10.10 up and running.

I have just got screensaver 2FA working on 10.10.5 using Homebrew-installed pam_yubico and my Neo-n.

As described here, YubiKey expects to find the pam_yubico.so file in /usr/lib/pam. Homebrew of course cannot install to system dirs (requires sudo), so I moved it there from the Homebrew-installed location - for v2.19:
Code:
sudo mv /usr/local/Cellar/pam_yubico/2.19/lib/security/pam_yubico.so /usr/lib/pam/pam_yubico.so

You could use a symlink, but that may be a problem when you upgrade to a newer version, as the path will change.
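
Added example, not part of any post in this thread or of the yubico-pam project: a shell check for the two things the posts above touch on, namely where the pam_yubico.so auth line sits in a service file's stack and whether the module file resolves in the module directory (a symlink into a versioned Cellar path is flagged, per the last post). The function name, its return codes and the default directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a PAM service file and module directory for pam_yubico.
# Return codes (chosen for this example): 0 ok, 1 no active pam_yubico auth
# line, 2 module file missing, 3 module is a symlink into a Cellar path.
check_pam_yubico() {
    svc=$1                      # e.g. /etc/pam.d/sudo or /etc/pam.d/screensaver
    moddir=${2:-/usr/lib/pam}   # directory named in the last post

    # Active (non-comment) auth lines in stack order, as "control module".
    stack=$(awk '$1 == "auth" { print $2, $3 }' "$svc")
    pos=$(printf '%s\n' "$stack" |
        awk '$2 ~ /(^|\/)pam_yubico\.so$/ { print NR; exit }')
    if [ -z "$pos" ]; then
        echo "no active auth line for pam_yubico.so in $svc"
        return 1
    fi
    control=$(printf '%s\n' "$stack" | awk -v n="$pos" 'NR == n { print $1 }')
    echo "pam_yubico.so: control=$control, auth position $pos"
    # PAM runs auth modules top to bottom, so modules listed earlier
    # (for example a password module) are consulted before this one.
    if [ "$pos" -gt 1 ]; then
        echo "note: $((pos - 1)) auth module(s) run before pam_yubico.so"
    fi

    mod=$moddir/pam_yubico.so
    if [ ! -e "$mod" ]; then
        echo "module not found at $mod"
        return 2
    fi
    if [ -L "$mod" ]; then
        target=$(readlink "$mod")
        case $target in
            */Cellar/*)
                echo "symlink into versioned path, breaks on upgrade: $target"
                return 3 ;;
        esac
    fi
    echo "module present at $mod"
    return 0
}
```

Call it as `check_pam_yubico /etc/pam.d/sudo` or with a second argument naming a different module directory; it only reads files and changes nothing.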

