Glad to hear you got there. Congrats -- Ross
On 7/06/2013, at 13:47, Craig McQueen <912...@bugs.launchpad.net> wrote: > I've sorted it out now. Sorry, I was doing something stupid. I had > thought "it was working" but I was still actually running the original > pam-blue. I thought it was "working" because I had solved a separate > issue -- my Bluetooth device had a space in the name, and I couldn't > figure out how to configure that in /etc/security/bluescan.conf. I > removed the space in the device name on my Bluetooth device (an iPhone), > then it worked, but still with the original pam-blue, except for lock > screen. > > So what I was missing was to compile and install with the proper > configure options, so the module goes into /lib/security: > > ./configure --libdir=/lib/security > make > sudo make install > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/912695 > > Title: > libpam_blue requires root, fails if non-privileged > > Status in “libpam-blue” package in Ubuntu: > Confirmed > > Bug description: > I modified /etc/pam.d/common-auth to allow two-factor authentication > using password and either bluetooth proximity or, if that fails, > google-authenticator: > > . . . > # here are the per-package modules (the "Primary" block) > auth [success=1 default=ignore] pam_unix.so nullok_secure > # here's the fallback if no module succeeds > auth requisite pam_deny.so > # > auth [success=1 default=ignore] pam_blue.so > auth required pam_google_authenticator.so > # > # prime the stack . . . > > This works fine for login, but bluetooth authentication always fails when > unlocking gnome-screensaver with the error message: > Bluetooth scan failure [bluetooth device up?] > > The reason seems to be that pam_blue is based on l2cap which requires > root authority to create sockets (l2ping runs as root but fails for a > non-privileged user). > > An alternative method of detecting bluetooth proximity is to use hcitool: > hcitool name xx:xx:xx:xx:xx:xx > returns the name of the device whose MAC is given, or nothing on fail, and > it works for a non-privileged user. > > Replacing pam_blue with a simple hacked version using hcitool works for both > login and gnome-screensaver unlock: > > int rc = PAM_SESSION_ERR; > FILE *fpipe; > char *command="hcitool name xx:xx:xx:xx:xx:xx"; > char line[256]; > > if ( !(fpipe = (FILE*)popen(command,"r")) ) { > perror("Problems with pipe"); > exit(1); > } > while ( fgets( line, sizeof line, fpipe)) { > if (strlen(line) > 2) rc = PAM_SUCCESS; > } > pclose(fpipe); > return rc; > > This bug probably affects all versions to date, but has been confirmed > in Ubuntu 11.04 and 11.10, and in libpam-blue 0.9.0-3 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/libpam-blue/+bug/912695/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/912695 Title: libpam_blue requires root, fails if non-privileged To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-blue/+bug/912695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs