On Thu, Oct 24, 2013 at 10:23:49PM +0200, Alexander Hall wrote:
> On 10/24/13 21:30, Otto Moerbeek wrote:
> >On Thu, Oct 24, 2013 at 07:44:27PM +0200, Daniel Hartmeier wrote:
> >
> >>On Thu, Oct 24, 2013 at 03:07:19PM +0200, Pieter Verberne wrote:
> >>
> >>>-r--r----- 1 root auth 33 Oct 24 14:47 pieter.key
> >>>-r--r----- 1 root auth 10 Oct 24 14:47 pieter.uid
> >>
> >>Your uid file looks too small, it's usually 13 bytes, with 12 hex digits
> >>and a newline (optional).
> >>
> >>># /usr/libexec/auth/login_yubikey -d -s login pieter
> >>>Password:
> >>>reject
> >>>
> >>>authlog:
> >>>Oct 24 14:52:51 lilium login_yubikey: user pieter: fdopen: Bad file
> >>>descriptor
> >>>Oct 24 14:53:08 lilium login_yubikey: user pieter: reject
> >>
> >>The first error must be from a different invokation. If you get the
> >>Password: prompt, that error condition is already passed.
> >>
> >>Daniel
> >
> >iirc bsd auth helpers expect an open fd 3 to read a challenge. They
> >are not meant to be run directly from the command line.
>
> That's what -d is for. Without -d, you get the first error message
> though, as then you expect fd3 to be open. :-)
>
> /Alexander
Of course, missed that,
-Otto
