ChallengeResponse authentication fails on screensaver
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
yubico-pam (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Issue:
I'm currently using yubikey as 2nd factor authentication with "challenge-
After locking the desktop screen I'm currently unable to login again from gnome-screensaver.
Using Ubuntu 16.04 current version of libpam-yubico is 2.20-1
I tracked down the bug to this one already fixed upstream in version 2.22:
https:/
Detailed example to reproduce:
eg. my /etc/pam.
#auth required pam_yubico.so mode=challenge-
After authentication in gdm or textual login screen the challenge response file permission get changed to the one of the process that is authenticating (root-root).
My initial permission of the challenge file
-rw------- 1 root root
If I change permissions to
-rw------- 1 my-user my-user
the lockscreen authentication works again correctly.
As soon as I login again from gdm the permissions go back to:
-rw------- 1 root root
description: | updated |
description: | updated |