
[OATH-Toolkit-help] OATH_PRINTF_ERROR with more than one user in users.o


From: Fredrik Lindgren
Subject: [OATH-Toolkit-help] OATH_PRINTF_ERROR with more than one user in users.oath
Date: Sun, 18 Mar 2012 11:37:14 +0100

Environment: FreeBSD 9.0 x64, oath-toolkit 1.10.5 installed from ports

I have an interesting problem that I just can't seem to solve. I've installed 
oath-toolkit, configured the root user for TOTP (HOTP/T30) and tested it with 
su and sshd. Everything works perfectly. I then added another user to the
users.oath file, and after that neither the new user nor the original user works
anymore.

The file:

HOTP/T30        root    -       29138c70c2e3082a7878f3e5b110d3715299e8a0        1       448947  2012-03-18T11:20:19L
HOTP/T30        nisse   -       00

The debug output:

[pam_oath.c:parse_cfg(118)] called.
[pam_oath.c:parse_cfg(119)] flags 0 argc 2
[pam_oath.c:parse_cfg(121)] argv[0]=debug
[pam_oath.c:parse_cfg(121)] argv[1]=usersfile=/etc/users.oath
[pam_oath.c:parse_cfg(122)] debug=1
[pam_oath.c:parse_cfg(123)] alwaysok=0
[pam_oath.c:parse_cfg(124)] try_first_pass=0
[pam_oath.c:parse_cfg(125)] use_first_pass=0
[pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
[pam_oath.c:parse_cfg(127)] digits=0
[pam_oath.c:parse_cfg(128)] window=5
[pam_oath.c:pam_sm_authenticate(157)] get user returned: root
One-time password (OATH) for `root': 
[pam_oath.c:pam_sm_authenticate(232)] conv returned: 831601
[pam_oath.c:pam_sm_authenticate(292)] OTP: 831601
[pam_oath.c:pam_sm_authenticate(305)] authenticate rc -3 (OATH_PRINTF_ERROR: Error from system printf call) last otp Sun Mar 18 11:15:07 2012

[pam_oath.c:pam_sm_authenticate(311)] One-time password not authorized to login as user 'root'
[pam_oath.c:pam_sm_authenticate(327)] done. [authentication error]
su: Sorry

The users.oath file does get updated with the used OTP and a date stamp 
regardless of the auth error.

Even more interesting, if I try to login as my second user "nisse" that user 
gets deleted from the users.oath file and only the first line of the file 
remains. At that point I can authenticate as root again.

I tried changing the rights on the users.oath file just to see if that made any
difference, and I noticed that the rights always change back to 600 when the
file gets updated:

-rw-------  1 root  wheel   107 Mar 18 11:20 users.oath

I was concerned that it had something to do with the rights on /etc so I tried 
to move the file to another folder with full (777) rights, but the result was 
exactly the same.

