On 2013-10-25 08:14, Pieter Verberne wrote:
On 2013-10-24 19:44, Daniel Hartmeier wrote:
On Thu, Oct 24, 2013 at 03:07:19PM +0200, Pieter Verberne wrote:
-r--r----- 1 root auth 33 Oct 24 14:47 pieter.key
-r--r----- 1 root auth 10 Oct 24 14:47 pieter.uid
Your uid file looks too small, it's usually 13 bytes, with 12 hex
digits
and a newline (optional).
Fixed that.
# /usr/libexec/auth/login_yubikey -d -s login pieter
Password:
reject
authlog:
Oct 24 14:52:51 lilium login_yubikey: user pieter: fdopen: Bad file
descriptor
Oct 24 14:53:08 lilium login_yubikey: user pieter: reject
The first error must be from a different invokation. If you get the
Password: prompt, that error condition is already passed.
Daniel
*Facepalm* My keyboard layout is Dvorak. :-)
Thanks,
Pieter
What I actually wanted to do: I want to use two-factor authentication
over ssh using passwd+yubikey. Is this possible? It looks like yubikey
will 'replace' passwd authentication, and cannot supplement it.
Off topic:
How safe is certificate authentication? I'll use an encrypted private
key on my client computers. If someone gets his hands on the encrypted
key, they can do an offline password attack, which seems less safe than
an online attack.
