Yubico Forum
https://forum.yubico.com/

Yubikey as a Two-factor legacy Username + password + Yubikey
https://forum.yubico.com/viewtopic.php?f=5&t=149

Author:  timm_tem [ Fri Jul 25, 2008 10:22 pm ]
Post subject:  Yubikey as a Two-factor legacy Username + password + Yubikey

Again, sorry, just wondering if anyone could help...

This is taken from http://code.google.com/p/yubico-pam/issues/detail?id=7

Quote:
Reported by timm.tem, May 08, 2008
Simon
It would be great if we could use the Yubikey to do Two-factor legacy
Username + password + YubiKey in exactly the same fashion it works on the
website http://www.yubico.com/demo/index.php.
As currently with the way PAM works anyone who has my key can login to my
server
Thank you
Tim

Comment 1 by dion.rowney, Jun 09, 2008
I am currently trying to work on this, however I find myself bringing in the entire
pam_unix module... Is there a better way to avoid code duplication?
Or can my pam_yubico module call the pam_unix module from within?

Comment 2 by kittypee, Jun 13, 2008
This can be done simply by stacking the pam modules separately.
auth required pam_unix.so ...
auth required pam_yubikey.so ...
This causes pam to require both modules to be run, and both must pass. Although this solution again would
require that bug #4 be fixed.

Comment 3 by dion.rowney, Jun 16, 2008
It seems that ssh only will prompt for a password regardless and does not give
multiple methods.


kittypee says that you can stack PAM modules, which does prompt for Yubikey and Password, but PuTTY fails saying "Network Error: Software causes connection abort".

The extract from my /etc/pam.d/ssh

Code:
auth       required     pam_yubico.so id=16 debug
auth       required     pam_env.so # [1]
auth       required     pam_env.so envfile=/etc/default/locale


Any help again would be gratefully appreciated.

Thank you again in advance

Tim

Author:  Simon [ Tue Sep 02, 2008 10:25 am ]
Post subject:  Re: Yubikey as a Two-factor legacy Username + password + Yubikey

Have you configured SSH to use PAM? It doesn't by default, I think.

/Simon
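
An added example, not part of the thread or of the yubico-pam project: a small Python check of the two conditions discussed above, that sshd has `UsePAM yes` and that the PAM auth stack requires both `pam_unix.so` and `pam_yubico.so`. The sample configs are constructed, the function names are hypothetical, and `@include` lines are not followed.

```python
import re

# Constructed sample inputs for the check (not taken from the thread).
SSHD_CONFIG = "Port 22\nUsePAM yes\n"
PAM_KEY_ONLY = "auth required pam_yubico.so id=16 debug\nauth required pam_env.so # [1]\n"
PAM_STACKED = "auth required pam_unix.so\nauth required pam_yubico.so id=16\n"

PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
SSHD_LINE = re.compile(r"^\s*(\w+)[\s=]+(\S+)")

def sshd_uses_pam(text):
    """True if the global section sets UsePAM yes (first value wins, default is no)."""
    for line in text.splitlines():
        m = SSHD_LINE.match(line.split("#", 1)[0])
        if not m:
            continue
        key = m.group(1).lower()
        if key == "match":      # conditional blocks start here; stop at the global section
            break
        if key == "usepam":
            return m.group(2).lower() == "yes"
    return False

def auth_stack(text):
    """Return [(control, module)] for every 'auth' line, in file order."""
    stack = []
    for line in text.splitlines():
        m = PAM_LINE.match(line.split("#", 1)[0].strip())
        if m and m.group(1).lower() == "auth":
            stack.append((m.group(2).lower(), m.group(3).rsplit("/", 1)[-1]))
    return stack

def audit(sshd_text, pam_text):
    """List the reasons the setup does not enforce password AND YubiKey."""
    findings = []
    if not sshd_uses_pam(sshd_text):
        findings.append("sshd: UsePAM is not 'yes', so the PAM stack is not consulted")
    stack = auth_stack(pam_text)
    for module in ("pam_unix.so", "pam_yubico.so"):
        controls = [c for c, m in stack if m == module]
        if not controls:
            findings.append(f"pam: {module} is missing from the auth stack")
        elif not any(c in ("required", "requisite") for c in controls):
            findings.append(f"pam: {module} is present but not required/requisite")
    return findings

if __name__ == "__main__":
    for name, pam in (("key only", PAM_KEY_ONLY), ("stacked", PAM_STACKED)):
        print(name, "->", audit(SSHD_CONFIG, pam) or "no findings")
```

On a system where `pam_unix.so` is pulled in through an `@include` line, run the check against the included file as well, since this sketch reads only the text it is given.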

All times are UTC + 1 hour