|issue with yubikey and pam.d on centos 6.5
|Page 1 of 1|
|Author:||prensrfc [ Tue Jul 01, 2014 4:16 pm ]|
|Post subject:||issue with yubikey and pam.d on centos 6.5|
Hi, i've got a weird problem which I can't seem to diagnose.
I have 2 near identical Centos 6.5 servers, one a standard install "Web Server" build and one a standard install "Database Server" build, not had a chance to mess with them in order to add anything non standard apart from for yubikey;
CentOS release 6.5 (Final)
pulled the latest rpm's from epel repo;
/etc/pam.d/sshd has the following;
auth required pam_yubico.so id=[MYCODE] key=[MYKEY] debug authfile=/etc/yubikeys url=http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s
/etc/yubikeys contains the correct key for the user
/etc/ssh/sshd_config has the following added/enabled;
and on one server (the web version) it works perfectly and on the other (the db version) it doesn't!
only error message is in /var/log/secure;
Jul 1 15:41:14 localhost sshd: Postponed keyboard-interactive for USER from IPADDR port 55814 ssh2
Jul 1 15:41:19 localhost sshd: Postponed keyboard-interactive/pam for USER from IPADDR port 55814 ssh2
Jul 1 15:41:26 localhost sshd: error: PAM: Authentication service cannot retrieve authentication info for USER from IPADDR
the only thing that is noticeable is is a slight delay after the Yubikey is pressed and before the password is asked for on the working server and it there is no delay on the non-working server.
both network's look okay and can resolve the api address fine, i can't seem to see any explanation for this.
anyone any ideas?
|Page 1 of 1||All times are UTC + 1 hour|
|Powered by phpBB® Forum Software © phpBB Group