Hi!
Unfortunately, I can't login with yubikey and yubikey linked password.
Here is my config:
1,
yubikey linked password: apple
echo -n "apple" | openssl dgst -sha1
yubikey linked password: d0be2dc421be4fcd0172e5afceea3970e2f3d940
yubikey-personilization-gui
LOGGING START,9/4/16 9:10 PM
Challenge-Response: HMAC-SHA1,9/4/16 9:10
PM,2,,,04c21478245c36861b9f946e0d9388d5ebbb909d,,,0,0,0,0,0,0,0,0,0,1
usbvm name: sys-usb
2,
in doom0
chmod 755 yubikey-auth
/usr/local/bin/yubikey-auth
#!/bin/sh
key="$1"
if [ -z "$key" ]; then
echo "Usage: $0 <AESKEY> [<PASSWORD-HASH>]"
exit 1
fi
# if password has given, verify it
if [ -n "$2" ]; then
# PAM appends \0 at the end
hash=`head -c -1 | openssl dgst -sha1 -r | cut -f1 -d ' '`
if [ "x$2" != "x$hash" ]; then
exit 1
fi
fi
challenge=`head -c64 /dev/urandom | xxd -c 64 -ps`
# You may need to adjust slot number and USB VM name here
response=`qvm-run -u root --nogui -p sys-usb "ykchalresp -2 -x $challenge"`
correct_response=`echo $challenge | xxd -r -ps | openssl dgst -sha1 -macopt
hexkey:$key -mac HMAC -r | cut -f1 -d ' '`
test "x$correct_response" = "x$response"
exit $?
3,
/etc/pam.d/kscreensaver (KDE desktop environment)
auth [success=done default=ignore] pam_exec.so expose_authtok quiet
/usr/local/bin/yubikey-auth 04c21478245c36861b9f946e0d9388d5ebbb909d
d0be2dc421be4fcd0172e5afceea3970e2f3d940
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/404d53fa-3ed8-40e7-92df-fe399b744eb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
