Local Authentication Using Chall


Author: 小小leo | Published: 2017-05-05 00:50

    Connect the YubiKey, then initialize YubiKey slot 2:

    ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible

    ...

    Commit? (y/n) [n]: y

    Create /var/yubico directory for challenge file.

    sudo mkdir /var/yubico
    sudo chown root:root /var/yubico
    sudo chmod 700 /var/yubico

    ykpamcfg -2 -v

    ...

    Stored initial challenge and expected response in '$HOME/.yubico/challenge-123456'.

    sudo mv ~/.yubico/challenge-123456 /var/yubico/xiaoxiaoleo-123456
    sudo chown root:root /var/yubico/xiaoxiaoleo-123456
    sudo chmod 600 /var/yubico/xiaoxiaoleo-123456

    Tip: xiaoxiaoleo is the login user name.

    Add the PAM config before the first line of /etc/pam.d/login:

    auth   required        pam_yubico.so mode=challenge-response chalresp_path=/var/yubico

    Add the debug argument for debug information:

    auth   required        pam_yubico.so mode=challenge-response debug chalresp_path=/var/yubico

    Create yubico pam debug log file:

    touch /var/run/pam-debug.log
    chmod go+w /var/run/pam-debug.log

    SELinux ERROR:

    [pam_yubico.c:do_challenge_response(614)] Cannot open file: /var/yubico/test-5212345 (No such file or directory)

    Error communicating with Yubikey, please check syslog or contact your system administrator

    [pam_yubico.c:display_error(425)] conv returned: '(null)'

    [pam_yubico.c:do_challenge_response(673)] Challenge Response failed: No such file or directory

    Create SELinux policy:

    grep avc /var/log/audit/audit.log | audit2allow -M yubikey

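    module yubikey 1.0;

    require {
        type var_t;
        type local_login_t;
        class file { getattr open read ioctl lock };
    }

    # Read-only file permissions (the r_file_perms set), written out in full
    # because checkmodule does not expand m4 macros.
    # Lets the login domain read files labelled var_t, such as the challenge file.
    allow local_login_t var_t:file { getattr open read ioctl lock };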

    Compile and install SELinux policy:

    checkmodule -M -m -o yubikey.mod yubikey.te
    semodule_package -o yubikey.pp -m yubikey.mod
    semodule -i yubikey.pp
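
The layout this procedure builds (a 700 directory, 600 challenge files named after the login user, and a matching PAM line) can be checked with a short audit script. This is an added example, not part of the original post: the function names, the finding labels (PERM, NAME, PAM, DEBUG) and the optional third `owner` argument are made up for illustration, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the original post. Needs GNU stat (stat -c).
# audit_chalresp [dir] [pam_file] [owner] prints findings; returns 1 if any.

# check_path PATH MODE: flag PATH unless it is owned by $owner with octal MODE.
check_path() {
    got=$(stat -c '%U %a' "$1" 2>/dev/null)
    [ "$got" = "$owner $2" ] || { echo "PERM $1 is '$got', want '$owner $2'"; bad=1; }
}

audit_chalresp() {
    dir=${1:-/var/yubico}; pam=${2:-/etc/pam.d/login}; owner=${3:-root}
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    check_path "$dir" 700

    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        check_path "$f" 600
        # Naming used in the guide: <login user>-<number>, e.g. xiaoxiaoleo-123456.
        printf '%s\n' "${f##*/}" | grep -Eq '^.+-[0-9]+$' ||
            { echo "NAME ${f##*/} is not <user>-<number>"; bad=1; }
    done

    # Collect the active (uncommented) pam_yubico auth line(s) as one string.
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_yubico\.so' "$pam" 2>/dev/null |
           tr '\n\t' '  ')
    for tok in mode=challenge-response "chalresp_path=$dir"; do
        case " $line " in
            *" $tok "*) ;;
            *) echo "PAM $pam lacks '$tok'"; bad=1 ;;
        esac
    done
    # The debug argument is meant for troubleshooting, so report it if left on.
    case " $line " in
        *" debug "*) echo "DEBUG pam_yubico debug is enabled in $pam"; bad=1 ;;
    esac
    return "$bad"
}
```

Run as root with no arguments, `audit_chalresp` checks /var/yubico against /etc/pam.d/login and expects root ownership.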

    Article link: https://www.haomeiwen.com/subject/tuhjtxtx.html