[SOLVED] Yubikey, su and /usr/bin/kupdateapplet

boblikeslinux · 06-16-2010, 05:17 AM

I can't make my Yubikey work with these using YubiPAM-1.0.4. Login will allow me to login with my OTP and so will sudo, su and kupdateapplet refuse and I don't understand enough about PAM to know why. Can anyone help?

unSpawn · 06-16-2010, 04:53 PM

YubiPAM installs the /lib/security/pam_yubikey.so PAM module. All PAM stack files by default reside in the /etc/pam.d directory. Named for the service they provide (ssh, login, su), a PAM stack may include a "auth include" placeholder line referencing includes like "common-account", "common-password" or "common-session", but other than those includes it is stand-alone. This means that for every service you want to use your Yubikey with you will need to add the appropriate "auth require pam_yubikey.so" lines. Please see the README. Please think about which services you want to use pam_yubikey.so with. Please think about physical security of your key.

boblikeslinux · 06-17-2010, 04:06 AM

I made a patch which fixes the problem:

http://forum.yubico.com/viewtopic.php?f=6&t=543

unSpawn · 06-17-2010, 01:10 PM

Thanks!