[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-Toolkit-help] One Time Password in SLiM
From: |
Simon Josefsson |
Subject: |
Re: [OATH-Toolkit-help] One Time Password in SLiM |
Date: |
Sat, 30 Apr 2011 09:05:41 +0200 |
User-agent: |
Gnus/5.110016 (No Gnus v0.16) Emacs/23.2 (gnu/linux) |
Christian Hesse <address@hidden> writes:
> Christian Hesse <address@hidden> on Fri, 29 Apr 2011 22:24:19 +0200:
>> xscreensaver to go...
>
> This is gonna be kind of monologue... :D
>
> Ok, here are the new facts: Authentication succeeds if I add 'alwaysok' to
> pam_oath. So the communication between xscreensaver and pam_oath is ok. Does
> the pam module have a problem accessing the usersfile? xscreensaver is run
> as user (uid 1000 or something...).
...
> [pam_oath.c:pam_sm_authenticate(303)] authenticate rc -11 last otp Thu Jan 1
> 01:00:00 1970
-11 means OATH_NO_SUCH_FILE, i.e., the usersfile could not be
found/opened. The usersfile is normally owned by root and no other has
access. It could be a configuration error, how does your xscreensaver
PAM line look like? How does xscreensaver/pam_unix solve this for
e.g. /etc/shadow? Doesn't xscreensaver have to be setuid-root for
things to work?
Btw, I find your "monologue" interesting, it is the kind of feedback
that is important -- we don't know where pam_oath works without someone
testing it and reporting about it.
/Simon