libpam-u2f outdated, breaks auth for newer Yubikeys
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam-u2f (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Not strictly a bug - an outdated 3P package causes 2-factor authentication to fail for newer Yubikeys. They cannot be registered:
```
❯ pamu2fcfg -d > ~/.config/
USB send: 00ffffffff86000
USB write returned 65
now trying with timeout 2
USB read rc read 64
USB recv: ffffffff860011c
device /dev/hidraw2 discovered as 'Yubikey 4 OTP+U2F'
version (Interface, Major, Minor, Build): 2, 4, 4, 5 capFlags: 5
JSON: { "challenge": "<<REDACTED>>", "version": "U2F_V2", "appId": "pam:\/\/millstone" }
JSON challenge URL-B64: <<REDACTED>>
client data: { "challenge": "<<REDACTED>>", "origin": "pam:\/
JSON: { "challenge": "<<REDACTED>>", "version": "U2F_V2", "appId": "pam:\/\/millstone" }
JSON app_id pam://millstone
USB send: 000046000283004
USB write returned 65
USB send: 000046000200a5b
USB write returned 65
now trying with timeout 2
now trying with timeout 4
now trying with timeout 8
now trying with timeout 16
now trying with timeout 32
now trying with timeout 64
now trying with timeout 128
now trying with timeout 256
USB read rc read 64
USB recv: 004600028300026
USB data (len 2): 63c0
Unable to generate registration challenge, error in transport layer (-2)
```
I've filed an [issue](https:/
## Requested info.
Release: Ubuntu 20.04.1 LTS
Package version: libpam-u2f:
Installed: 1.0.8-1
Candidate: 1.0.8-1
Version table:
*** 1.0.8-1 500
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libpam-u2f 1.0.8-1
ProcVersionSign
Uname: Linux 5.4.0-42-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu27.4
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Sat Jul 25 15:31:03 2020
InstallationDate: Installed on 2020-07-20 (5 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
SourcePackage: pam-u2f
UpgradeStatus: No upgrade log present (probably fresh install)
Correction. This is an issue in libu2f-host, not pam-u2f. Fixing.