-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yubikey not working #198
Comments
Hello! Thanks for reporting the issue, I don't think Yubikey is supported (yet) in I assume you installed PAM module described here? If so, could you follow the instructions in the Troubleshooting section and post the logs here? Don't forget to remove any sensitive information from these logs. |
No, I used the challenge-response method (https://support.yubico.com/support/solutions/articles/15000011355-ubuntu-linux-login-guide-challenge-response), but it's working everywhere, just not in The debug doesn't write anything to the file, but this to the terminal:
|
I think it's not the same problem because my yubikey never blinking. I used this tutorial: https://www.jamesthebard.net/archlinux-and-u2f-login/ The default pam configuration did not work, that why I override the pam config of i3lock and allow or my password or the challenge of the yubikey.
Something link to the authfile ? I have no error
Edit: If I remove the authfile and add the mapping in the default place it work ...
|
You'd have to make your pam config change, then fully logout of your i3 session. That worked for me as I am starting i3 with startx. Yet, I guess you're right... trying to reproduce the issue with i3lock does not log anything to the yubico debug log file. In my case, the yubikey does not even blink (I am also using hmac challenge-response). |
A not-so-safe workaround is to give it suid, and it may just go away with some update or other jobs that may fix permissions.
The post that gave me this answer: Yubico/yubico-pam#113 |
That is a much better workaround, thanks! |
Instead of executing i3lock as root, you probably want to figure out which capabilities are needed and then assigning them with setcap(8). |
Sadly I don't know which capabilities it would need |
Thanks for providing the workaround. I’ll close this issue, as it seems to me that it’s a shortcoming of the yubikey PAM module and has nothing to do with i3lock itself. |
* Add outline color and width for every text element Define outline colors, i.e. --timeoutlinecolor=FFFF00FF Define outline width, i.e. --timeoutlinewidth=0.75 New arguments: --verifoutlinecolor --wrongoutlinecolor --layoutoutlinecolor --timeoutlinecolor --dateoutlinecolor --greeteroutlinecolor --timeoutlinewidth --dateoutlinewidth --verifoutlinewidth --wrongoutlinewidth --modifieroutlinewidth --layoutoutlinewidth --greeteroutlinewidth * Separate the variable definitions Co-authored-by: Raymond Li <hi@raymond.li>
I'm submitting a…
Current Behavior
When trying to use i3lock, I cannot unlock, which requires my yubikey
The yubikey is blinking, but the login is ultimately unsuccessful
Expected Behavior
i3lock unlocks normally
Reproduction Instructions
Setup yubikey required pam auth, run
i3lock
and try to unlockEnvironment
Output of
i3lock --version
:The text was updated successfully, but these errors were encountered: