Connect the YubiKey, then initialize slot 2:

ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
...
Commit? (y/n) [n]: y

Create /var/yubico directory for challenge file.

sudo mkdir /var/yubico

sudo chown root:root /var/yubico
sudo chmod 700 /var/yubico
ykpamcfg -2 -v
...
Stored initial challenge and expected response in '$HOME/.yubico/challenge-123456'.
sudo mv ~/.yubico/challenge-123456 /var/yubico/xiaoxiaoleo-123456
sudo chown root:root /var/yubico/xiaoxiaoleo-123456
sudo chmod 600 /var/yubico/xiaoxiaoleo-123456

Tip: xiaoxiaoleo is the login user name.

Add the PAM configuration before the first line of /etc/pam.d/login:

auth   required        pam_yubico.so mode=challenge-response chalresp_path=/var/yubico

Add the debug argument for debug information:

auth   required        pam_yubico.so mode=challenge-response debug chalresp_path=/var/yubico

Create the pam_yubico debug log file:

touch /var/run/pam-debug.log
chmod go+w /var/run/pam-debug.log

SELinux ERROR:

[pam_yubico.c:do_challenge_response(614)] Cannot open file: /var/yubico/test-5212345 (No such file or directory)

Error communicating with Yubikey, please check syslog or contact your system administrator

[pam_yubico.c:display_error(425)] conv returned: '(null)'

[pam_yubico.c:do_challenge_response(673)] Challenge Response failed: No such file or directory

Create the SELinux policy:

grep avc /var/log/audit/audit.log | audit2allow -M yubikey

yubikey.te:

module yubikey 1.0;

# checkmodule does not expand m4 macros, so the read permission set is written out.
require {
    type var_t;
    type local_login_t;
    class file { getattr open read ioctl lock };
}

allow local_login_t var_t:file { getattr open read ioctl lock };

Compile and install SELinux policy:

checkmodule -M -m -o yubikey.mod yubikey.te
semodule_package -o yubikey.pp -m yubikey.mod
semodule -i yubikey.pp
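
The following check is an added example, not part of the original post: it verifies the ownership and modes set in the steps above, that a challenge file named after the user exists, and that the PAM file has an active pam_yubico line pointing at the same directory. The function name check_chalresp and its arguments are assumptions made for this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the challenge-response layout described on this page.
# Usage: check_chalresp DIR USER PAMFILE [OWNER]   (OWNER defaults to root)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumes GNU coreutils stat (-c), as found on SELinux-based distributions.
check_chalresp() {
    dir=$1; user=$2; pamfile=$3; owner=${4:-root}; rc=0

    # The directory must exist, belong to OWNER and be mode 700.
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    set -- $(stat -c '%U %a' "$dir")
    [ "$1" = "$owner" ] || { echo "FAIL: $dir owner is $1, want $owner"; rc=1; }
    [ "$2" = 700 ] || { echo "FAIL: $dir mode is $2, want 700"; rc=1; }

    # Challenge files are named USER-*; each must be OWNER and mode 600.
    found=0
    for f in "$dir/$user"-*; do
        [ -f "$f" ] || continue
        found=1
        set -- $(stat -c '%U %a' "$f")
        [ "$1" = "$owner" ] || { echo "FAIL: $f owner is $1, want $owner"; rc=1; }
        [ "$2" = 600 ] || { echo "FAIL: $f mode is $2, want 600"; rc=1; }
    done
    [ "$found" = 1 ] || { echo "FAIL: no $user-* file in $dir"; rc=1; }

    # Active (uncommented) pam_yubico challenge-response lines, flattened to
    # one space-separated string so arguments can be matched as whole words.
    args=$(grep -v '^[[:space:]]*#' "$pamfile" 2>/dev/null |
           grep 'pam_yubico\.so.*mode=challenge-response' | tr '\t\n' '  ') || true
    case " $args " in
        *" chalresp_path=$dir "*) ;;
        *) echo "FAIL: $pamfile lacks pam_yubico chalresp_path=$dir"; rc=1 ;;
    esac
    # The debug argument is for troubleshooting only; flag it if left enabled.
    case " $args " in
        *" debug "*) echo "WARN: debug still enabled in $pamfile" ;;
    esac
    return $rc
}
```

On a configured host, run it as root with the page's values: check_chalresp /var/yubico xiaoxiaoleo /etc/pam.d/login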
