[OATH-Toolkit-help] OATH_PRINTF_ERROR with more than one user in users.oath

From: Fredrik Lindgren
Subject: [OATH-Toolkit-help] OATH_PRINTF_ERROR with more than one user in users.oath
Date: Fri, 23 Mar 2012 15:50:57 +0100
User-agent: Roundcube Webmail/0.7.2

Environment: FreeBSD 9.0 x64, oath-toolkit 1.10.5 installed from ports
I have an interesting problem that I just can't seem to solve. I've
installed oath-toolkit, configured the root user for TOTP (HOTP/T30) and
tested it with su and sshd. Everything works perfectly. I then added
another user to the users.oath file, and after that neither the new user
nor the original user works anymore.

The file:

HOTP/T30 root - 29138c70c2e3082a7878f3e5b110d3715299e8a0 1 448947 2012-03-18T11:20:19L
HOTP/T30 nisse - 00

The debug output:
[pam_oath.c:parse_cfg(118)] called.
[pam_oath.c:parse_cfg(119)] flags 0 argc 2
[pam_oath.c:parse_cfg(121)] argv[0]=debug
[pam_oath.c:parse_cfg(121)] argv[1]=usersfile=/etc/users.oath
[pam_oath.c:parse_cfg(122)] debug=1
[pam_oath.c:parse_cfg(123)] alwaysok=0
[pam_oath.c:parse_cfg(124)] try_first_pass=0
[pam_oath.c:parse_cfg(125)] use_first_pass=0
[pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
[pam_oath.c:parse_cfg(127)] digits=0
[pam_oath.c:parse_cfg(128)] window=5
[pam_oath.c:pam_sm_authenticate(157)] get user returned: root
One-time password (OATH) for `root':
[pam_oath.c:pam_sm_authenticate(232)] conv returned: 831601
[pam_oath.c:pam_sm_authenticate(292)] OTP: 831601
[pam_oath.c:pam_sm_authenticate(305)] authenticate rc -3 (OATH_PRINTF_ERROR: Error from system printf call) last otp Sun Mar 18 11:15:07 2012
[pam_oath.c:pam_sm_authenticate(311)] One-time password not authorized to login as user 'root'
[pam_oath.c:pam_sm_authenticate(327)] done. [authentication error]
su: Sorry
The users.oath file does get updated with the used OTP and a date stamp
regardless of the auth error.
Even more interesting, if I try to login as my second user "nisse" that
user gets deleted from the users.oath file and only the first line of
the file remains. At that point I can authenticate as root again.
I tried changing the rights on the users.oath file just to see if that
made any difference, and I noticed that the rights always change back
to 600 when the file gets updated:
-rw------- 1 root wheel 107 Mar 18 11:20 users.oath
I was concerned that it had something to do with the rights on /etc so
I tried to move the file to another folder with full (777) rights, but
the result was exactly the same.
I've also tried the same thing on OS X 10.7.3 and FreeBSD 8.2 x64. OS X
worked perfectly; FreeBSD 8.2 had the exact same problem as 9.0.