Package Details: yubico-pam-git 2.19.r12.g11326d0-1

Git Clone URL: https://aur.archlinux.org/yubico-pam-git.git (read-only, click to copy)
Package Base: yubico-pam-git
Description: Yubico YubiKey PAM module - git checkout
Upstream URL: https://github.com/Yubico/yubico-pam
Licenses: BSD
Conflicts: pam_yubico, yubico-pam
Provides: pam_yubico, yubico-pam
Submitter: Gohu
Maintainer: eworm
Last Packager: eworm
Votes: 13
Popularity: 0.000000
First Submitted: 2011-04-24 19:09 (UTC)
Last Updated: 2015-08-13 05:31 (UTC)

Latest Comments

1 2 Next › Last »

slester commented on 2015-08-13 02:29 (UTC)

Please add asciidoc to dependencies.

belette commented on 2015-06-01 13:17 (UTC)

Many thanks eworm. I tried again to launch the script with a tcpdump running but nothing is seen, I suspect that once the test is done even if I makepkg -s -f it will not happen again.. little question regarding pam with ssh, the documentation asks to put : auth sufficient pam_yubico.so id=16 authfile=/etc/authkeyfile into /etc/pam.d/sshd I realized that in case of hitting enter when Yubikey is waiting for OTP then PAM is asking me for a password. In case I would like to force OTP I comment some rule and did : auth sufficient pam_yubico.so id=16 authfile=/etc/authkeyfile #auth required pam_securety.so #disable remote root #auth include system-remote-login #account include system-remote-login #password include system-remote-login session include system-remote-login Is it correct in term of implementation / security? It is working correctly but I just doubt about the best practices.. Many thanks!

eworm commented on 2015-05-31 21:56 (UTC)

make check asks the Yubico authentication server with some default credentials. This happens via http or https.

belette commented on 2015-05-31 21:30 (UTC)

Thanks for your comment. curl was installed. I realized that it was my iptables issue. Is there any special test remotely needed to be done by the script? Many thanks

eworm commented on 2015-05-31 18:15 (UTC)

Possibly you are missing curl. Can you install that and retry?

belette commented on 2015-05-30 21:02 (UTC)

Even if perl-net-ldap-server is installed and up to date + all others dependencies I am unable to make check install.. I am trying to install yubico-pam using the git version, I installed all dependencies but I am failing on the last stage .. I tried to use --without-ldap when running ./configure as I don't need it but it keeps failing when make check install If anyone has an idea I would appreciate a lot :) This is the test-suite.log =========================================== pam_yubico 2.20: tests/test-suite.log =========================================== # TOTAL: 3 # PASS: 2 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: pam_test ============== YKVAL mockup started on 30559 at ./aux/ykval.pl line 52. YKVAL mockup started on 17502 at ./aux/ykval.pl line 52. [pam_yubico.c:parse_cfg(729)] called. [pam_yubico.c:parse_cfg(730)] flags 0 argc 4 [pam_yubico.c:parse_cfg(732)] argv[0]=id=1 [pam_yubico.c:parse_cfg(732)] argv[1]=url=http://localhost:17502/wsapi/2/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(732)] argv[2]=authfile=./aux/authfile [pam_yubico.c:parse_cfg(732)] argv[3]=debug [pam_yubico.c:parse_cfg(733)] id=1 [pam_yubico.c:parse_cfg(734)] key=(null) [pam_yubico.c:parse_cfg(735)] debug=1 [pam_yubico.c:parse_cfg(736)] alwaysok=0 [pam_yubico.c:parse_cfg(737)] verbose_otp=0 [pam_yubico.c:parse_cfg(738)] try_first_pass=0 [pam_yubico.c:parse_cfg(739)] use_first_pass=0 [pam_yubico.c:parse_cfg(740)] authfile=./aux/authfile [pam_yubico.c:parse_cfg(741)] ldapserver=(null) [pam_yubico.c:parse_cfg(742)] ldap_uri=(null) [pam_yubico.c:parse_cfg(743)] ldap_bind_user=(null) [pam_yubico.c:parse_cfg(744)] ldap_bind_password=(null) [pam_yubico.c:parse_cfg(745)] ldap_filter=(null) [pam_yubico.c:parse_cfg(746)] ldap_cacertfile=(null) [pam_yubico.c:parse_cfg(747)] ldapdn=(null) [pam_yubico.c:parse_cfg(748)] user_attr=(null) [pam_yubico.c:parse_cfg(749)] yubi_attr=(null) [pam_yubico.c:parse_cfg(750)] yubi_attr_prefix=(null) [pam_yubico.c:parse_cfg(751)] url=http://localhost:17502/wsapi/2/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(752)] urllist=(null) [pam_yubico.c:parse_cfg(753)] capath=(null) [pam_yubico.c:parse_cfg(754)] token_id_length=12 [pam_yubico.c:parse_cfg(755)] mode=client [pam_yubico.c:parse_cfg(756)] chalresp_path=(null) [pam_yubico.c:pam_sm_authenticate(787)] pam_yubico version: 2.20 in pam_get_user() [pam_yubico.c:pam_sm_authenticate(802)] get user returned: foo in pam_get_item() 5 in conv_func() [pam_yubico.c:pam_sm_authenticate(949)] conv returned 44 bytes [pam_yubico.c:pam_sm_authenticate(967)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32. [pam_yubico.c:pam_sm_authenticate(974)] OTP: vvincredibletrerdegkkrkkneieultcjdghrejjbckh ID: vvincredible [pam_yubico.c:pam_sm_authenticate(1004)] ykclient return value (109): Error performing curl [pam_yubico.c:pam_sm_authenticate(1005)] ykclient url used: [pam_yubico.c:pam_sm_authenticate(1073)] in pam_strerror() done. [error] in pam_set_data() yubico_setcred_return test 1 failed! killed 13963 and 13964 FAIL pam_test (exit status: 1) Many thanks,

2bluesc commented on 2015-05-02 23:50 (UTC)

Having to install a bunch of perl-net-ladap-server options every time I update is very annoying. One option is to pass '--without-ldap' to the ./configure script. Or we could the tests/aux/ldap.pl script from pam_tests.c.

Aerion commented on 2015-01-21 11:22 (UTC)

After updating perl-net-ldap-server and installing it's new dependencies the package built correctly. Many thanks for your quick response!

eworm commented on 2015-01-20 20:55 (UTC)

perl-net-ldap-server was missing dependencies. Please install perl-net-ldap-server 0.43-2 and try again.

Aerion commented on 2015-01-20 20:35 (UTC)

Yes, perl-net-ldap-server is installed. Sorry, of course, I should have thought to include the log straight away. The content of the log doesn't mean an awful lot to me, but the most obvious errors are [pam_yubico.c:authorize_user_token_ldap(271)] ldap_simple_bind_s: Can't contact LDAP server [pam_yubico.c:pam_sm_authenticate(982)] Internal error while validating user I don't run an LDAP server. I've uploaded the full log here http://pastebin.com/kyFTWYrW