Hi, I installed Oath Toolkit 1.10.2 in a Debian Squeeze server. Everything went fine with HOTP, but I am not being able to 'su' with TOTP.
Here is what I got when I call it: [pam_oath.c:parse_cfg(118)] called. [pam_oath.c:parse_cfg(119)] flags 0 argc 2 [pam_oath.c:parse_cfg(121)] argv[0]=debug [pam_oath.c:parse_cfg(121)] argv[1]=usersfile=/etc/users.oath [pam_oath.c:parse_cfg(122)] debug=1 [pam_oath.c:parse_cfg(123)] alwaysok=0 [pam_oath.c:parse_cfg(124)] try_first_pass=0 [pam_oath.c:parse_cfg(125)] use_first_pass=0 [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath [pam_oath.c:parse_cfg(127)] digits=0 [pam_oath.c:parse_cfg(128)] window=5 [pam_oath.c:pam_sm_authenticate(157)] get user returned: root One-time password (OATH) for `root': [pam_oath.c:pam_sm_authenticate(232)] conv returned: 4442649 [pam_oath.c:pam_sm_authenticate(292)] OTP: 4442649 [pam_oath.c:pam_sm_authenticate(305)] authenticate rc -6 (OATH_INVALID_OTP: The OTP is not valid) last otp Sat Apr 5 21:42:31 4444003 [pam_oath.c:pam_sm_authenticate(311)] One-time password not authorized to login as user 'root' [pam_oath.c:pam_sm_authenticate(327)] done. [Authentication failure] su: Authentication failure Here is the entry in my users.oath: HOTP/T30 root - abcdef1234567890 The date in the error (Sat Apr 5 21:42:31 4444003) is changes every try (seems random to me). Server and token generator are well sync, and 'oathtool abcdef1234567890 --totp' results matches with my token generator. Any idea? Thanks, Michael[
