The i get (with digits=6): [pam_oath.c:pam_sm_authenticate(168)] get password returned: 123456xyzabc_ [pam_oath.c:pam_sm_authenticate(274)] Password: 123456x [pam_oath.c:pam_sm_authenticate(292)] OTP:
The Modul cuts the last 6 digits (where normaly the otp is) but i do not paste it in the right place afterwards. Am Montag, 30. Mai 2011, 11:32:37 schrieb Simon Josefsson: > Jens Czyborra <[email protected]> writes: > > Example: > > > > in /etc/pam.d/sudo: > > > > auth required pam_unix.so > > auth sufficient pam_oath.so usersfile=/etc/users.oath > > digits=6 try_first_pass debug > > > > By testing the login by the unix pass everything works well. > > > By testing with the otp (xyzabc_ is the password and 123456 is the otp) i get: > Hi Jens! Welcome to the list. > > Try reversing the order of password and PIN -- i.e., type > '123456xyzabc_' instead of 'xyzabc_123456'. If it is important for you > to type the password first and the PIN next, it should be possible to > add a flag for the PAM module to modify this behaviour. > > /Simon > > > ~]$ sudo su > > Passwort: > > [pam_oath.c:parse_cfg(118)] called. > > [pam_oath.c:parse_cfg(119)] flags 32768 argc 4 > > [pam_oath.c:parse_cfg(121)] argv[0]=usersfile=/etc/users.oath > > [pam_oath.c:parse_cfg(121)] argv[1]=digits=6 > > [pam_oath.c:parse_cfg(121)] argv[2]=use_first_pass > > [pam_oath.c:parse_cfg(121)] argv[3]=debug > > [pam_oath.c:parse_cfg(122)] debug=1 > > [pam_oath.c:parse_cfg(123)] alwaysok=0 > > [pam_oath.c:parse_cfg(124)] try_first_pass=0 > > [pam_oath.c:parse_cfg(125)] use_first_pass=1 > > [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath > > [pam_oath.c:parse_cfg(127)] digits=6 > > [pam_oath.c:parse_cfg(128)] window=5 > > [pam_oath.c:pam_sm_authenticate(157)] get user returned: jens > > [pam_oath.c:pam_sm_authenticate(168)] get password returned: > > xyzabc_123456 [pam_oath.c:pam_sm_authenticate(274)] Password: xyzabc_ > > [pam_oath.c:pam_sm_authenticate(292)] OTP: > > [pam_oath.c:pam_sm_authenticate(305)] authenticate rc -2 > > (OATH_INVALID_DIGITS: Unsupported number of OTP digits) last otp Mon May > > 30 01:00:38 2011 > > > > [pam_oath.c:pam_sm_authenticate(311)] One-time password not authorized to > > login as user 'jens' > > [pam_oath.c:pam_sm_authenticate(327)] done. [Fehler bei > > Authentifizierung] Sorry, try again. > > Passwort: > > > > > > the same with use_first_pass > > > > withou both try_first_pass and use_first_pass it works but i'm asked > > first for the unix pass and second for the otp if unix fails > > > > ???????
