Public bug reported:

System version: Ubuntu 14.04.5 LTS
yubico-pam version: 2.14-1
libykclient3 version: 2.12-1

Calling the pam_yubico.so PAM module as delivered by the package yubico-pam 2.14-1 fails if the Yubikey OTP servers are supplied using the urllist parameter instead of the url parameter, which nulls the option of having a failover in case the first server fails. Works on 16.04.

It is highly likely the bug is in the libykclient package since this is where the connection occurs. Using strace to analyze connections using url vs. urllist it would seem the urllist parameter is not recognized at all inasmuch as the connection is directed towards the central Yubico authentication servers.

Building pam-yubico and ykclient-c linked to updated 14.04 packages from source according to Yubico doc renders a PAM module that works with urllist on 14.04.

Here is the sanitized PAM config line used:

    auth [success=1 default=die] pam_yubico.so mode=client id=1 key=<tested and works elsewhere> urllist=http://server1/wsapi/2.0/verify;http://server2/wsapi/2.0/verify ldap_uri=ldap://ldap1,ldap://ldap2 ldapdn=ou=Users,dc=company,dc=com user_attr=uid yubi_attr=yubiKeyId debug debug_file=/var/log/pam-debug.log

Specify if you require trace files, the interesting bits (connections) are as specified over.

** Affects: yubico-pam (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1649246

Title: libpam-yubico ykclient call fails to parse urllist parameter
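The strace comparison described in the report can be made repeatable with a small check that extracts the servers from the PAM line and compares them with the connect() destinations in a trace. This is an added example, not part of the original report or of yubico-pam; the key placeholder, the name-to-address map and the strace lines are constructed, and the helper names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed PAM line modelled on the report (key is a placeholder, LDAP options omitted).
PAM_LINE = ("auth [success=1 default=die] pam_yubico.so mode=client id=1 key=PLACEHOLDER "
            "urllist=http://server1/wsapi/2.0/verify;http://server2/wsapi/2.0/verify debug")

# Constructed name-to-address map (documentation ranges); resolve the real hosts in practice.
RESOLVED = {"server1": "192.0.2.10", "server2": "192.0.2.11"}

# Constructed `strace -f -e trace=connect` excerpts for one authentication attempt each.
STRACE_IGNORED = (
    '[pid 4242] connect(5, {sa_family=AF_INET, sin_port=htons(443), '
    'sin_addr=inet_addr("203.0.113.50")}, 16) = -1 EINPROGRESS (Operation now in progress)\n')
STRACE_HONOURED = (
    '[pid 4242] connect(5, {sa_family=AF_INET, sin_port=htons(80), '
    'sin_addr=inet_addr("192.0.2.10")}, 16) = 0\n')

CONNECT_RE = re.compile(r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
                        r'sin_addr=inet_addr\("([\d.]+)"\)\}')

def configured_servers(pam_line):
    """Return (host, port) pairs from urllist= (';'-separated), else from url=."""
    opts = dict(tok.split("=", 1) for tok in pam_line.split() if "=" in tok)
    servers = []
    for url in opts.get("urllist", opts.get("url", "")).split(";"):
        parts = urlsplit(url)
        if parts.hostname:
            servers.append((parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)))
    return servers

def audit(strace_text, servers, resolved):
    """Split the TCP destinations seen in the trace into configured and unexpected."""
    allowed = {(resolved[host], port) for host, port in servers}
    seen = {(ip, int(port)) for port, ip in CONNECT_RE.findall(strace_text)}
    return {"contacted": sorted(seen & allowed), "unexpected": sorted(seen - allowed)}

if __name__ == "__main__":
    servers = configured_servers(PAM_LINE)
    for label, trace in (("urllist ignored", STRACE_IGNORED), ("urllist honoured", STRACE_HONOURED)):
        print(label, audit(trace, servers, RESOLVED))
```

An empty "contacted" list together with a non-empty "unexpected" list is the pattern the report describes. With the LDAP options present, add the LDAP servers to the allowed set so their connections are not reported as unexpected.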
