Arch Linux User Repository

Please add asciidoc to dependencies.

Many thanks eworm. I tried again to launch the script with a tcpdump running but nothing is seen, I suspect that once the test is done even if I makepkg -s -f it will not happen again.. little question regarding pam with ssh, the documentation asks to put : auth sufficient pam_yubico.so id=16 authfile=/etc/authkeyfile into /etc/pam.d/sshd I realized that in case of hitting enter when Yubikey is waiting for OTP then PAM is asking me for a password. In case I would like to force OTP I comment some rule and did : auth sufficient pam_yubico.so id=16 authfile=/etc/authkeyfile #auth required pam_securety.so #disable remote root #auth include system-remote-login #account include system-remote-login #password include system-remote-login session include system-remote-login Is it correct in term of implementation / security? It is working correctly but I just doubt about the best practices.. Many thanks!

make check asks the Yubico authentication server with some default credentials. This happens via http or https.

Thanks for your comment. curl was installed. I realized that it was my iptables issue. Is there any special test remotely needed to be done by the script? Many thanks

Possibly you are missing curl. Can you install that and retry?

Even if perl-net-ldap-server is installed and up to date + all others dependencies I am unable to make check install.. I am trying to install yubico-pam using the git version, I installed all dependencies but I am failing on the last stage .. I tried to use --without-ldap when running ./configure as I don't need it but it keeps failing when make check install If anyone has an idea I would appreciate a lot :) This is the test-suite.log =========================================== pam_yubico 2.20: tests/test-suite.log =========================================== # TOTAL: 3 # PASS: 2 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: pam_test ============== YKVAL mockup started on 30559 at ./aux/ykval.pl line 52. YKVAL mockup started on 17502 at ./aux/ykval.pl line 52. [pam_yubico.c:parse_cfg(729)] called. [pam_yubico.c:parse_cfg(730)] flags 0 argc 4 [pam_yubico.c:parse_cfg(732)] argv[0]=id=1 [pam_yubico.c:parse_cfg(732)] argv[1]=url=http://localhost:17502/wsapi/2/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(732)] argv[2]=authfile=./aux/authfile [pam_yubico.c:parse_cfg(732)] argv[3]=debug [pam_yubico.c:parse_cfg(733)] id=1 [pam_yubico.c:parse_cfg(734)] key=(null) [pam_yubico.c:parse_cfg(735)] debug=1 [pam_yubico.c:parse_cfg(736)] alwaysok=0 [pam_yubico.c:parse_cfg(737)] verbose_otp=0 [pam_yubico.c:parse_cfg(738)] try_first_pass=0 [pam_yubico.c:parse_cfg(739)] use_first_pass=0 [pam_yubico.c:parse_cfg(740)] authfile=./aux/authfile [pam_yubico.c:parse_cfg(741)] ldapserver=(null) [pam_yubico.c:parse_cfg(742)] ldap_uri=(null) [pam_yubico.c:parse_cfg(743)] ldap_bind_user=(null) [pam_yubico.c:parse_cfg(744)] ldap_bind_password=(null) [pam_yubico.c:parse_cfg(745)] ldap_filter=(null) [pam_yubico.c:parse_cfg(746)] ldap_cacertfile=(null) [pam_yubico.c:parse_cfg(747)] ldapdn=(null) [pam_yubico.c:parse_cfg(748)] user_attr=(null) [pam_yubico.c:parse_cfg(749)] yubi_attr=(null) [pam_yubico.c:parse_cfg(750)] yubi_attr_prefix=(null) [pam_yubico.c:parse_cfg(751)] url=http://localhost:17502/wsapi/2/verify?id=%d&otp=%s [pam_yubico.c:parse_cfg(752)] urllist=(null) [pam_yubico.c:parse_cfg(753)] capath=(null) [pam_yubico.c:parse_cfg(754)] token_id_length=12 [pam_yubico.c:parse_cfg(755)] mode=client [pam_yubico.c:parse_cfg(756)] chalresp_path=(null) [pam_yubico.c:pam_sm_authenticate(787)] pam_yubico version: 2.20 in pam_get_user() [pam_yubico.c:pam_sm_authenticate(802)] get user returned: foo in pam_get_item() 5 in conv_func() [pam_yubico.c:pam_sm_authenticate(949)] conv returned 44 bytes [pam_yubico.c:pam_sm_authenticate(967)] Skipping first 0 bytes. Length is 44, token_id set to 12 and token OTP always 32. [pam_yubico.c:pam_sm_authenticate(974)] OTP: vvincredibletrerdegkkrkkneieultcjdghrejjbckh ID: vvincredible [pam_yubico.c:pam_sm_authenticate(1004)] ykclient return value (109): Error performing curl [pam_yubico.c:pam_sm_authenticate(1005)] ykclient url used: [pam_yubico.c:pam_sm_authenticate(1073)] in pam_strerror() done. [error] in pam_set_data() yubico_setcred_return test 1 failed! killed 13963 and 13964 FAIL pam_test (exit status: 1) Many thanks,

Having to install a bunch of perl-net-ladap-server options every time I update is very annoying. One option is to pass '--without-ldap' to the ./configure script. Or we could the tests/aux/ldap.pl script from pam_tests.c.

After updating perl-net-ldap-server and installing it's new dependencies the package built correctly. Many thanks for your quick response!

perl-net-ldap-server was missing dependencies. Please install perl-net-ldap-server 0.43-2 and try again.

Yes, perl-net-ldap-server is installed. Sorry, of course, I should have thought to include the log straight away. The content of the log doesn't mean an awful lot to me, but the most obvious errors are [pam_yubico.c:authorize_user_token_ldap(271)] ldap_simple_bind_s: Can't contact LDAP server [pam_yubico.c:pam_sm_authenticate(982)] Internal error while validating user I don't run an LDAP server. I've uploaded the full log here http://pastebin.com/kyFTWYrW