Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ubuntu 18.04 Challenge Response "Resource Temporarliy Unavailable #166

Open
dtwiss opened this issue Jun 25, 2018 · 3 comments
Open

Ubuntu 18.04 Challenge Response "Resource Temporarliy Unavailable #166

dtwiss opened this issue Jun 25, 2018 · 3 comments

Comments

@dtwiss
Copy link

dtwiss commented Jun 25, 2018

HI,
I was trying to get the challenge response working on ubuntu 18.04. It locates my file at /var/yubico and loads the challenge file but it doesn't validate. The debug out out is listed below.

debug: pam_yubico.c:606 (do_challenge_response): Unexpected response: [redacted]
debug: pam_yubico.c:724 (do_challenge_response): Challenge-response failed: Resource temporarily unavailable
debug: pam_yubico.c:1229 (pam_sm_authenticate): done. [Authentication failure]
@klali
Copy link
Member

klali commented Jun 26, 2018

The "Unexpected response..." string is when the calculated challenge response doesn't match the saved. Did you just register it with ykpamcfg?

Do you get any more debug output than that?

How long is the [redacted] string?

@dtwiss
Copy link
Author

dtwiss commented Jun 26, 2018
edited

#@klali Yes I registered the key with ykpamcfg. I used ykpamcfg -2 -v -p /var/yubico to save the file to the yubico file rather than moving it from the ~/.yubico. The whole out put is below.

debug: pam_yubico.c:846 (parse_cfg): called.
debug: pam_yubico.c:847 (parse_cfg): flags 32768 argc 4
debug: pam_yubico.c:849 (parse_cfg): argv[0]=mode=challenge-response
debug: pam_yubico.c:849 (parse_cfg): argv[1]=chalresp_path=/var/yubico
debug: pam_yubico.c:849 (parse_cfg): argv[2]=debug
debug: pam_yubico.c:849 (parse_cfg): argv[3]=debug_file=/var/run/pam-debug.log
debug: pam_yubico.c:850 (parse_cfg): id=0
debug: pam_yubico.c:851 (parse_cfg): key=(null)
debug: pam_yubico.c:852 (parse_cfg): debug=1
debug: pam_yubico.c:853 (parse_cfg): debug_file=5
debug: pam_yubico.c:854 (parse_cfg): alwaysok=0
debug: pam_yubico.c:855 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:856 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:857 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:858 (parse_cfg): nullok=0
debug: pam_yubico.c:859 (parse_cfg): authfile=(null)
debug: pam_yubico.c:860 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:861 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:862 (parse_cfg): ldap_bind_user=(null)
debug: pam_yubico.c:863 (parse_cfg): ldap_bind_password=(null)
debug: pam_yubico.c:864 (parse_cfg): ldap_filter=(null)
debug: pam_yubico.c:865 (parse_cfg): ldap_cacertfile=(null)
debug: pam_yubico.c:866 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:867 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:868 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:869 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:870 (parse_cfg): url=(null)
debug: pam_yubico.c:871 (parse_cfg): urllist=(null)
debug: pam_yubico.c:872 (parse_cfg): capath=(null)
debug: pam_yubico.c:873 (parse_cfg): cainfo=(null)
debug: pam_yubico.c:874 (parse_cfg): proxy=(null)
debug: pam_yubico.c:875 (parse_cfg): token_id_length=12
debug: pam_yubico.c:876 (parse_cfg): mode=chresp
debug: pam_yubico.c:877 (parse_cfg): chalresp_path=/var/yubico
debug: pam_yubico.c:907 (pam_sm_authenticate): pam_yubico version: 2.27
debug: pam_yubico.c:922 (pam_sm_authenticate): get user returned: dt
debug: pam_yubico.c:926 (pam_sm_authenticate): libykpers version: 1.19.1
debug: pam_yubico.c:496 (do_challenge_response): Checking for user challenge files
debug: pam_yubico.c:499 (do_challenge_response): Challenge files found
debug: util.c:230 (check_firmware_version): YubiKey Firmware version: 4.3.3
debug: pam_yubico.c:534 (do_challenge_response): Loading challenge from file /var/yubico/dt-5423791
debug: util.c:453 (load_chalresp_state): Challenge:
debug: pam_yubico.c:606 (do_challenge_response): Unexpected response:
debug: pam_yubico.c:724 (do_challenge_response): Challenge-response failed: Resource temporarily unavailable
debug: pam_yubico.c:1229 (pam_sm_authenticate): done. [Authentication failure]

@m10k
Copy link

m10k commented Jul 18, 2018

I am getting the exact same behavior on Devuan ascii with kernel version 4.17.6.
I first tried compiling against libusb, which gave me the error "Device or resource busy". Compiling against libusb-1.0 gives the error "Resource temporarily unavailable".

My libusb is version 0.1.12
My libusb-1.0 is version 1.0.21

debug: pam_yubico.c:846 (parse_cfg): called.
debug: pam_yubico.c:847 (parse_cfg): flags 0 argc 5
debug: pam_yubico.c:849 (parse_cfg): argv[0]=nullok
debug: pam_yubico.c:849 (parse_cfg): argv[1]=mode=challenge-response
debug: pam_yubico.c:849 (parse_cfg): argv[2]=chalresp_path=/var/lib/yubico
debug: pam_yubico.c:849 (parse_cfg): argv[3]=debug
debug: pam_yubico.c:849 (parse_cfg): argv[4]=debug_file=/var/log/yubico/pam.log
debug: pam_yubico.c:850 (parse_cfg): id=0
debug: pam_yubico.c:851 (parse_cfg): key=(null)
debug: pam_yubico.c:852 (parse_cfg): debug=1
debug: pam_yubico.c:853 (parse_cfg): debug_file=3
debug: pam_yubico.c:854 (parse_cfg): alwaysok=0
debug: pam_yubico.c:855 (parse_cfg): verbose_otp=0
debug: pam_yubico.c:856 (parse_cfg): try_first_pass=0
debug: pam_yubico.c:857 (parse_cfg): use_first_pass=0
debug: pam_yubico.c:858 (parse_cfg): nullok=1
debug: pam_yubico.c:859 (parse_cfg): authfile=(null)
debug: pam_yubico.c:860 (parse_cfg): ldapserver=(null)
debug: pam_yubico.c:861 (parse_cfg): ldap_uri=(null)
debug: pam_yubico.c:862 (parse_cfg): ldap_bind_user=(null)
debug: pam_yubico.c:863 (parse_cfg): ldap_bind_password=(null)
debug: pam_yubico.c:864 (parse_cfg): ldap_filter=(null)
debug: pam_yubico.c:865 (parse_cfg): ldap_cacertfile=(null)
debug: pam_yubico.c:866 (parse_cfg): ldapdn=(null)
debug: pam_yubico.c:867 (parse_cfg): user_attr=(null)
debug: pam_yubico.c:868 (parse_cfg): yubi_attr=(null)
debug: pam_yubico.c:869 (parse_cfg): yubi_attr_prefix=(null)
debug: pam_yubico.c:870 (parse_cfg): url=(null)
debug: pam_yubico.c:871 (parse_cfg): urllist=(null)
debug: pam_yubico.c:872 (parse_cfg): capath=(null)
debug: pam_yubico.c:873 (parse_cfg): cainfo=(null)
debug: pam_yubico.c:874 (parse_cfg): proxy=(null)
debug: pam_yubico.c:875 (parse_cfg): token_id_length=12
debug: pam_yubico.c:876 (parse_cfg): mode=chresp
debug: pam_yubico.c:877 (parse_cfg): chalresp_path=/var/lib/yubico
debug: pam_yubico.c:907 (pam_sm_authenticate): pam_yubico version: 2.27
debug: pam_yubico.c:922 (pam_sm_authenticate): get user returned: mk
debug: pam_yubico.c:926 (pam_sm_authenticate): libykpers version: 1.19.1
debug: pam_yubico.c:496 (do_challenge_response): Checking for user challenge files
debug: pam_yubico.c:499 (do_challenge_response): Challenge files found
debug: util.c:230 (check_firmware_version): YubiKey Firmware version: 3.5.0
debug: pam_yubico.c:534 (do_challenge_response): Loading challenge from file /var/lib/yubico/mk-7334055
debug: util.c:453 (load_chalresp_state): Challenge: [63B challenge data], hashed response: [20B response], salt: [32B salt], iterations: 10000, slot: 2
debug: pam_yubico.c:606 (do_challenge_response): Unexpected response: [20B data]
debug: pam_yubico.c:724 (do_challenge_response): Challenge-response failed: Resource temporarily unavailable
debug: pam_yubico.c:1229 (pam_sm_authenticate): done. [Authentication failure]

Interestingly, I have another machine with Devuan ascii and yubico-pam installed from the Devuan repositories where the challenge response succeeds.

@rtfm3514 rtfm3514 mentioned this issue Sep 13, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@klali @m10k @dtwiss