Issue:
I'm currently using yubikey as 2nd factor authentication with "challenge-response" method.
After locking the desktop screen I'm currently unable to login again.
Using Ubuntu 16.04 current version of libpam-yubico is 2.20-1
Detailed example to reproduce:
eg. my /etc/pam.d/common-auth contains
#auth required pam_yubico.so mode=challenge-response chalresp_path=/var/yubico
After authentication in gdm or textual login screen the challenge response file permission get changed to the one of the process that is authenticating (root-root).
My initial permission of the challenge file
-rw------- 1 root root
If I change permissions to
-rw------- 1 my-user my-user
the lockscreen authentication works again correctly.
As soon as I login again from gdm the permissions go back to:
-rw------- 1 root root
Issue: response" method.
I'm currently using yubikey as 2nd factor authentication with "challenge-
After locking the desktop screen I'm currently unable to login again.
Using Ubuntu 16.04 current version of libpam-yubico is 2.20-1
I tracked down the bug to this one already fixed upstream in version 2.22: /github. com/Yubico/ yubico- pam/issues/ 92
https:/
Detailed example to reproduce: d/common- auth contains response chalresp_ path=/var/ yubico
eg. my /etc/pam.
#auth required pam_yubico.so mode=challenge-
After authentication in gdm or textual login screen the challenge response file permission get changed to the one of the process that is authenticating (root-root).
My initial permission of the challenge file
-rw------- 1 root root
If I change permissions to
-rw------- 1 my-user my-user
the lockscreen authentication works again correctly.
As soon as I login again from gdm the permissions go back to:
-rw------- 1 root root