Ubuntu
yubico-pam package

ChallengeResponse authentication fails on screensaver

Bug #1619280 reported by Ilias Bartolini
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
yubico-pam (Ubuntu)
New
Undecided
Unassigned

Bug Description

Issue:
I'm currently using yubikey as 2nd factor authentication with "challenge-response" method.
After locking the desktop screen I'm currently unable to login again from gnome-screensaver.

Using Ubuntu 16.04 current version of libpam-yubico is 2.20-1

I tracked down the bug to this one already fixed upstream in version 2.22:
https://github.com/Yubico/yubico-pam/issues/92

Detailed example to reproduce:
eg. my /etc/pam.d/common-auth contains
#auth required pam_yubico.so mode=challenge-response chalresp_path=/var/yubico

After authentication in gdm or textual login screen the challenge response file permission get changed to the one of the process that is authenticating (root-root).

My initial permission of the challenge file
-rw------- 1 root root

If I change permissions to
-rw------- 1 my-user my-user
the lockscreen authentication works again correctly.

As soon as I login again from gdm the permissions go back to:
-rw------- 1 root root

See original description
Ilias Bartolini (ilias-bartolini)
description: updated
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.