libpam-yubico needs signed char on ARM
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Raspbian | Expired | Undecided | Unassigned | |
Bug Description
When using a yubikey cryptographic token for authentication with the pam_yubico.so module from package libpam-yubico, if the configuration is set to verify server signatures using a shared secret key, ykclient fails to authenticate the HMAC-SHA1 signature from the Yubico validation servers. This bug is unique to the ARM platform; the same module works on wheezy/amd64 and there is a patch for ARM (see below).
If we add the following line to /etc/pam.d/sshd (actual id and base64 key redacted):
auth required pam_yubico.so debug id=1234 key=MySecretKey
And then try to log in using ssh with a yubikey, an example of PAM debug output follows:
[pam_yubico.
I can confirm the libpam-yubico PAM module and the above configuration works on Debian Wheezy on the amd64 architecture.
Further information and a possible patch is available here:
https:/
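An added illustration, not code from ykclient, pam_yubico or the reporter: plain `char` is signed by default on x86 Linux and unsigned on ARM Linux, so code that stores a `-1` "skip this character" marker in a `char` behaves differently on the two. The decoder below is hypothetical and the key string is a constructed sample; it shows how such a marker, once it stops being negative, changes the bytes of a decoded base64 key, which in turn changes any HMAC computed with that key.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one base64 character, or -1 for anything outside the alphabet
 * (padding '=', line breaks), which the decoder is supposed to skip. */
static int b64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Generate a decoder whose per-character temporary has type T, so both
 * platform defaults for plain char can be compared on one machine. */
#define DEFINE_DECODER(name, T)                                          \
static size_t name(const char *in, unsigned char *out, size_t cap) {    \
    unsigned long acc = 0; int bits = 0; size_t n = 0;                   \
    for (; *in; in++) {                                                  \
        T frag = (T)b64_value((unsigned char)*in); /* -1 becomes 255 if T is unsigned */ \
        int v = frag;                                                    \
        if (v < 0) continue;          /* skip marker; never hit if T is unsigned */ \
        acc = (acc << 6) | (unsigned long)(v & 0x3f);                    \
        bits += 6;                                                       \
        if (bits >= 8) {                                                 \
            if (n == cap) return n;   /* output buffer full */           \
            bits -= 8;                                                   \
            out[n++] = (unsigned char)(acc >> bits);                     \
        }                                                                \
    }                                                                    \
    return n;                                                            \
}

DEFINE_DECODER(decode_signed, signed char)     /* models plain char on x86 */
DEFINE_DECODER(decode_unsigned, unsigned char) /* models plain char on ARM */

int main(void) {
    unsigned char key[16];
    const char *sample = "Zm9vYg=="; /* constructed sample, decodes to "foob" */
    printf("signed char:   %zu bytes\n", decode_signed(sample, key, sizeof key));
    printf("unsigned char: %zu bytes\n", decode_unsigned(sample, key, sizeof key));
    return 0;
}
```

Code with this pattern can be made portable by declaring the temporary as `signed char` or `int`, or by building with GCC's `-fsigned-char`.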
Changed in raspbian:
status: New → Incomplete
"This bug is unique to the ARM platform"
Are you sure about that? Have you tested on powerpc or s390? ;)
Can you test if this also happens with Debian wheezy armel (I strongly suspect it will) and if so file a bug in Debian?