New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unlock via PAM with Yubikey results in "No such file or directory" #13
Comments
Hi @aschaap, Thanks for reporting the issue. Just to be clear, before that specific PR, you were able to unlock properly? Could you please include your complete line for PAM unlock? Thanks, |
I do not seem to be able to unlock at all via PAM, 0.1.4 or HEAD^1 did not make a difference (0.1.4 had a less descriptive error message). My /etc/pam.d/sddm line:
|
Seems correct and I assume the user is If you don't mind, would you do some tests and help us with their results? On a terminal, can you please manually set PAM_USER # export PAM_USER=hunter and run this command? # /usr/local/bin/shavee -p -y -z rpool/USERDATA It is possible that it is the same as bug #7. |
@kiavash-at-work : Yes, the user is I have tried |
Thank you. That was very helpful and it shows that the binary correctly parse |
But if the error message includes the username, wouldn't that mean the environment variable has been passed correctly? I tried with other directories and saw that the username was appended, so I'm confident that it is set and used as described. |
Very valid point and thanks for reminding me of the error message... maybe @ashuio have some ideas to help. |
Also, another possible root cause may be related to this issue when logging in a non-root user |
Sorry for being late, So as i understand the command is failing on the First of all i'd suggest to try the 0.1.4 branch, The key derivation method has changed between the versions so you might wanna recreate the test directory with 0.1.4 build. I will setup a ubuntu vm and test it. If it is a permission problem it could be solved with adding the |
@ashuio I agree, I was able to track down the error message displayed to the I'm looking forward to the outcome of your tests. |
@kiavash-at-work can you email me at shavee@ashu.io I'd like to discuss some things about this project if you're interested. |
@aschaap Can you give the new pam module int he Replace with this in your pam file auth optional "Path to the libshavee_pam.so file" -y -z rpool/USERDATA Note: |
I think this thread is resolved now with 0.1.4 |
When trying out 0824841, I was unable to get PAM to unlock my home directory with a Yubikey plugged in, as indicated by the example. Adding a log parameter to the pam_exec.so command reveals:
I'm on Ubuntu 20.04 with root on ZFS. I created rpool/USERDATA/hunter via
shavee -y -c -z rpool/USERDATA/hunter
. I manually set the mountpoint to /home/hunter and canmount to noauto (prevents asking for the password on boot). I also set overlay to on to get rid of the warning that the directory is not empty.I am able to unlock the directory manually with
shavee -y -z rpool/USERDATA/hunter
.The text was updated successfully, but these errors were encountered: