LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Yubikey, su and /usr/bin/kupdateapplet (https://www.linuxquestions.org/questions/linux-security-4/yubikey-su-and-usr-bin-kupdateapplet-814469/)

boblikeslinux 06-16-2010 05:17 AM
Yubikey, su and /usr/bin/kupdateapplet
 
I can't make my Yubikey work with these using YubiPAM-1.0.4. Login will allow me to login with my OTP and so will sudo, su and kupdateapplet refuse and I don't understand enough about PAM to know why. Can anyone help?

unSpawn 06-16-2010 04:53 PM
YubiPAM installs the /lib/security/pam_yubikey.so PAM module. All PAM stack files by default reside in the /etc/pam.d directory. Named for the service they provide (ssh, login, su), a PAM stack may include a "auth include" placeholder line referencing includes like "common-account", "common-password" or "common-session", but other than those includes it is stand-alone. This means that for every service you want to use your Yubikey with you will need to add the appropriate "auth require pam_yubikey.so" lines. Please see the README. Please think about which services you want to use pam_yubikey.so with. Please think about physical security of your key.

boblikeslinux 06-17-2010 04:06 AM
I made a patch which fixes the problem:

http://forum.yubico.com/viewtopic.php?f=6&t=543

unSpawn 06-17-2010 01:10 PM
Thanks!


All times are GMT -5. The time now is 06:51 PM.