Package: libpam-yubico Version: 2.23-1 Severity: important Tags: upstream I have confiugured Yubikey PAM authentication. It works for SSH and sudo, but it fails for dovecot, as shown in syslog:
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(759)] called. dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(760)] flags 0 argc 5 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[0]=mode=client dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[1]=try_first_pass dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[2]=id=[REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[3]=debug dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[4]=key=[REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(763)] id=[REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(764)] key=[REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(765)] debug=1 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(766)] alwaysok=0 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(767)] verbose_otp=0 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(768)] try_first_pass=1 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(769)] use_first_pass=0 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(770)] authfile=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(771)] ldapserver=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(772)] ldap_uri=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(773)] ldap_bind_user=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(774)] ldap_bind_password=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(775)] ldap_filter=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(776)] ldap_cacertfile=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(777)] ldapdn=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(778)] user_attr=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(779)] yubi_attr=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(780)] yubi_attr_prefix=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(781)] url=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(782)] urllist=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(783)] capath=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(784)] cainfo=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(785)] proxy=(null) dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(786)] token_id_length=12 dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(787)] mode=client dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(788)] chalresp_path=(null) dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(834)] get user returned: [REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(855)] get password returned: (null) dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(985)] conv returned 53 bytes dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1003)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32. dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1010)] OTP: [REDACTED] ID: [REDACTED] dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1025)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK dovecot: auth-worker: Error: *** Error in `dovecot/auth`: double free or corruption (!prev): 0x00007f389ba54e40 *** dovecot: auth: Error: auth worker: Aborted PASSV request for [REDACTED]: Worker process died unexpectedly dovecot: auth-worker: Fatal: master: service(auth-worker): child 1281 killed with signal 6 (core dumps disabled) -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-042stab120.11 (SMP w/1 CPU core) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-yubico depends on: ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u1 ii libldap-2.4-2 2.4.44+dfsg-5 ii libpam-runtime 1.1.8-3.6 ii libpam0g 1.1.8-3.6 ii libykclient3 2.15-1 ii libykpers-1-1 1.17.3-1 ii libyubikey0 1.13-2 libpam-yubico recommends no packages. libpam-yubico suggests no packages. -- debconf information: * libpam-yubico/module_args: mode=client try_first_pass id=[REDACTED] key=[REDACTED]