Yubico Forum

Posted: Wed Aug 20, 2014 1:24 pm
Hello,

I have a couple of Yubikeys which I have configured with my own authentication server; I have pam configured to use that server and it has all been working well.

I renewed my ssl certificates a few days ago and since then, the pam authentication has failed to work. If I put pam into debug mode, I get:

[pam_yubico.c:pam_sm_authenticate(972)] conv returned 44 bytes
[pam_yubico.c:pam_sm_authenticate(990)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32.
[pam_yubico.c:pam_sm_authenticate(997)] OTP: <OTP> ID: cccccccccccb
[pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (101): Could not parse server response
[pam_yubico.c:pam_sm_authenticate(1089)] done. [Authentication service cannot retrieve authentication info]

However, if I run curl from the command line to double check things:

curl "https://<url>/wsapi/2.0/verify?id=1&otp=cccccccccccbuejgbetvinrggvhbblghibrlbnefudif&nonce=12345678901234567890"
h=ZNrvPCKBjfbPA6sVuBaIQcZ2wtc=
t=2014-08-20T10:50:53Z0954
otp=cccccccccccbuejgbetvinrggvhbblghibrlbnefudif
nonce=12345678901234567890
sl=0
status=OK

If I put the old SSL certs back in place, everything starts working again. The only thing I can think of is that I use a 4096 byte SSL key, rather than the standard 2048 - could this cause the issue?

Any idea how I can debug things? The rest of my SSL infrastructure works fine - Firefox recognises everything as normal; curl has no issues, I don't really know where to go next...

The pam config is:

auth sufficient pam_yubico.so debug id=1 url=https://<url>/wsapi/2.0/verify?id=%d&otp=%s

Cheers,
David
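
Added example, not part of the original post: a check of the response body that curl printed above, independent of the TLS layer. It confirms the body splits into key=value fields, that status is OK and that otp and nonce are echoed, and optionally verifies the h signature with HMAC-SHA1 over the sorted fields as in the Yubico validation protocol 2.0. The function names and the API key parameter are assumptions; the page does not give the key for id=1.

```python
import base64
import hashlib
import hmac

# Response body copied from the curl output in the post.
SAMPLE_RESPONSE = """h=ZNrvPCKBjfbPA6sVuBaIQcZ2wtc=
t=2014-08-20T10:50:53Z0954
otp=cccccccccccbuejgbetvinrggvhbblghibrlbnefudif
nonce=12345678901234567890
sl=0
status=OK
"""

def parse_response(body):
    """Split a verify response into a dict; values may contain '=' (base64)."""
    fields = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError("malformed line: %r" % line)
        fields[key] = value
    return fields

def sign(fields, api_key_b64):
    """HMAC-SHA1 over sorted key=value pairs (h excluded), base64-encoded."""
    message = "&".join("%s=%s" % (k, fields[k]) for k in sorted(fields) if k != "h")
    key = base64.b64decode(api_key_b64)  # API key is an assumption, not on the page
    digest = hmac.new(key, message.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def check_response(body, otp, nonce, api_key_b64=None):
    """Return a list of problems; an empty list means the body is acceptable."""
    try:
        fields = parse_response(body)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if fields.get("status") != "OK":
        problems.append("status is %r" % fields.get("status"))
    if fields.get("otp") != otp:
        problems.append("otp not echoed")
    if fields.get("nonce") != nonce:
        problems.append("nonce not echoed")
    if api_key_b64 is not None:
        expected = sign(fields, api_key_b64).encode()
        if not hmac.compare_digest(fields.get("h", "").encode(), expected):
            problems.append("signature mismatch")
    return problems
```

Passing the real base64 API key for the client id as api_key_b64 also checks the h value the server returned.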

