Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first

oath-toolkit-help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass

From:	Jens Czyborra
Subject:	Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass
Date:	Mon, 30 May 2011 12:20:55 +0200
User-agent:	KMail/1.13.7 (Linux/2.6.39-ARCH; KDE/4.6.3; x86_64; ; )

The i get (with digits=6):

[pam_oath.c:pam_sm_authenticate(168)] get password returned: 123456xyzabc_
[pam_oath.c:pam_sm_authenticate(274)] Password: 123456x 
[pam_oath.c:pam_sm_authenticate(292)] OTP: 

The Modul cuts the last 6 digits (where normaly the otp is) but i do not paste 
it in the right place afterwards.

Am Montag, 30. Mai 2011, 11:32:37 schrieb Simon Josefsson:
> Jens Czyborra <address@hidden> writes:
> > Example:
> > 
> > in /etc/pam.d/sudo:
> > 
> > auth            required        pam_unix.so
> > auth            sufficient      pam_oath.so     usersfile=/etc/users.oath
> > digits=6 try_first_pass debug
> > 
> > By testing the login by the unix pass everything works well.
> 
> > By testing with the otp (xyzabc_ is the password and 123456 is the otp) i 
get:
> Hi Jens!  Welcome to the list.
> 
> Try reversing the order of password and PIN -- i.e., type
> '123456xyzabc_' instead of 'xyzabc_123456'.  If it is important for you
> to type the password first and the PIN next, it should be possible to
> add a flag for the PAM module to modify this behaviour.
> 
> /Simon
> 
> > ~]$ sudo su
> > Passwort:
> > [pam_oath.c:parse_cfg(118)] called.
> > [pam_oath.c:parse_cfg(119)] flags 32768 argc 4
> > [pam_oath.c:parse_cfg(121)] argv[0]=usersfile=/etc/users.oath
> > [pam_oath.c:parse_cfg(121)] argv[1]=digits=6
> > [pam_oath.c:parse_cfg(121)] argv[2]=use_first_pass
> > [pam_oath.c:parse_cfg(121)] argv[3]=debug
> > [pam_oath.c:parse_cfg(122)] debug=1
> > [pam_oath.c:parse_cfg(123)] alwaysok=0
> > [pam_oath.c:parse_cfg(124)] try_first_pass=0
> > [pam_oath.c:parse_cfg(125)] use_first_pass=1
> > [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
> > [pam_oath.c:parse_cfg(127)] digits=6
> > [pam_oath.c:parse_cfg(128)] window=5
> > [pam_oath.c:pam_sm_authenticate(157)] get user returned: jens
> > [pam_oath.c:pam_sm_authenticate(168)] get password returned:
> > xyzabc_123456 [pam_oath.c:pam_sm_authenticate(274)] Password: xyzabc_
> > [pam_oath.c:pam_sm_authenticate(292)] OTP:
> > [pam_oath.c:pam_sm_authenticate(305)] authenticate rc -2
> > (OATH_INVALID_DIGITS: Unsupported number of OTP digits) last otp Mon May
> > 30 01:00:38 2011
> > 
> > [pam_oath.c:pam_sm_authenticate(311)] One-time password not authorized to
> > login as user 'jens'
> > [pam_oath.c:pam_sm_authenticate(327)] done. [Fehler bei
> > Authentifizierung] Sorry, try again.
> > Passwort:
> > 
> > 
> > the same with use_first_pass
> > 
> > withou both try_first_pass and use_first_pass it works but i'm asked
> > first for the unix pass and second for the otp if unix fails
> > 
> > ???????

[Prev in Thread]

Current Thread

[Next in Thread]

[OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass, Jens Czyborra, 2011/05/29
- Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass, Simon Josefsson, 2011/05/30
  - Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass, Jens Czyborra <=
    - Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass, Simon Josefsson, 2011/05/30

Prev by Date: Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass
Next by Date: Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass
Previous by thread: Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass
Next by thread: Re: [OATH-Toolkit-help] totp pam and try_first_pass or use_first_pass
Index(es):
- Date
- Thread