Yubico Forum
https://forum.yubico.com/

IMAP auth through PAM problem
https://forum.yubico.com/viewtopic.php?f=5&t=2505

Author:  plum [ Thu Dec 15, 2016 11:12 pm ]
Post subject:  IMAP auth through PAM problem

I've successfully deployed YubiKey authentication for SSH (and sudo tested so far) on Debian jessie. The PAM config line is as follows:

Code:
auth    required        pam_yubico.so mode=client try_first_pass id=REDACTED debug debug_file=/var/log/yk.log key=REDACTED


I tried to log in to IMAP the same way as to SSH (password + YubiKey OTP), as it uses the same auth config, but it fails:

Code:
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(830)] get user returned: REDACTED
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(851)] get password returned: (null)
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(972)] conv returned 53 bytes
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(990)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(997)] OTP: REDACTED ID: REDACTED
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1012)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1028)] ykclient return value (109): Error performing curl
Dec 15 22:57:12 vps172042 dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1091)] done. [Authentication service cannot retrieve authentication info]


I can't see why the same PAM sometimes works (SSH, sudo) and sometimes fails with a curl error. Any ideas?
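
The length arithmetic in the debug lines above (53 bytes received, 9 skipped, token_id 12, token OTP 32), as an added example that is not part of the original post and not pam_yubico's own code. The function name, the sample password and the sample OTP are constructed for illustration, and the modhex check is an extra sanity test of this example rather than something the log shows.

```python
# Added illustration: split a combined "password + OTP" response
# using the lengths reported in the pam_yubico debug log.

MODHEX = set("cbdefghijklnrtuv")  # YubiKey modhex alphabet
TOKEN_OTP_LEN = 32                # log: "token OTP always 32"


def split_response(response, token_id_len=12):
    """Return (password, public_id, otp) from one PAM conversation reply.

    password is None when the reply holds only the OTP.
    Raises ValueError when the tail cannot be a YubiKey OTP.
    """
    otp_len = token_id_len + TOKEN_OTP_LEN           # 12 + 32 = 44
    if len(response) < otp_len:
        raise ValueError(
            f"reply has {len(response)} chars, need at least {otp_len}")
    skip = len(response) - otp_len                   # log: "Skipping first 9 bytes"
    otp = response[skip:]
    if not set(otp) <= MODHEX:
        raise ValueError("trailing characters are not modhex")
    password = response[:skip] or None               # would become PAM_AUTHTOK
    return password, otp[:token_id_len], otp


# Constructed sample values (not real credentials or a real OTP).
SAMPLE_PASSWORD = "hunter2!!"                         # 9 characters
SAMPLE_OTP = "cccccckdvvul" + "bdefghijklnrtuv" * 2 + "cb"  # 12 + 32

if __name__ == "__main__":
    reply = SAMPLE_PASSWORD + SAMPLE_OTP
    password, public_id, otp = split_response(reply)
    print(f"conv returned {len(reply)} bytes")
    print(f"skipped {len(reply) - len(otp)} bytes as the system password")
    print(f"ID: {public_id}  OTP length: {len(otp)}")
```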

All times are UTC + 1 hour