Comment 0 for bug 1619280

Issue:
I'm currently using yubikey as 2nd factor authentication with "challenge-response" method.
After locking the desktop screen I'm currently unable to login again.

Using Ubuntu 16.04 current version of libpam-yubico is 2.20-1

I tracked down the bug to this one already fixed upstream in version 2.22:
https://github.com/Yubico/yubico-pam/issues/92

Detailed example to reproduce:
eg. my /etc/pam.d/common-auth contains
#auth required pam_yubico.so mode=challenge-response chalresp_path=/var/yubico

After authentication in gdm or textual login screen the challenge response file permission get changed to the one of the process that is authenticating (root-root).

My initial permission of the challenge file
-rw------- 1 root root

If I change permissions to
-rw------- 1 my-user my-user
the lockscreen authentication works again correctly.

As soon as I login again from gdm the permissions go back to:
-rw------- 1 root root