On Sat, 15 Feb 2020, Predrag Punosevac wrote: > The idea is to use yubikey as a challenge for a console login. I tried > first to configure /etc/login.conf just to use yubikey > > auth-defaults:auth=yubikey: > > However, I see > > oko# tail -3 authlog > Feb 15 23:29:15 oko yubikey: user predrag failed: password too short. > Feb 15 23:29:15 oko yubikey: user predrag: reject > Feb 15 23:43:09 oko su: predrag to root on /dev/ttyC0 > > > I used advanced mode in yubikey-personalization-gui and generated public > key of lenght 16 instead of default 6. No avail. Then I realized that > > 010: SECURITY FIX: December 4, 2019 All architectures > libc's authentication layer performed insufficient username validation. > > Is it possible to use yubikey for console authentication or does above > patch disables it completely?
I use it on a daily basis no problem. Have you read login_yubikey(8) ? At some point it says: login_yubikey will read the user's UID (12 hex digits) from the file user.uid, the user's key (32 hex digits) from user.key, and the user's last-use counter from user.ctr in the /var/db/yubikey directory. Not sure if you already did that. But that may be it. Cheers, -- Paco Esteban. 5818130B8A6DBC03
