From 9ad8c7106931cdbfc1844b62a5174bc875c1e5ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Finn=20Gl=C3=B6e?= Date: Thu, 25 Feb 2016 20:30:13 +0100 Subject: [PATCH] Changed /etc/yubico to /var/yubico --- doc/Authentication_Using_Challenge-Response.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/Authentication_Using_Challenge-Response.adoc b/doc/Authentication_Using_Challenge-Response.adoc index ec0e996..46d98d0 100644 --- a/doc/Authentication_Using_Challenge-Response.adoc +++ b/doc/Authentication_Using_Challenge-Response.adoc @@ -14,7 +14,7 @@ for a YubiKey with serial number API readout enabled, and The PAM module supports a system wide directory for these state files (in case the user's home directories are encrypted), but in a system wide directory, the 'challenge' part should be replaced with the -username. Example: `/var/yubico/challenges/alice-123456`. +username. Example: `/var/yubico/alice-123456`. To use the system-wide mode, you currently have to move the generated state files manually and configure the PAM module accordingly. @@ -68,13 +68,13 @@ $ ykpamcfg -2 -v Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'. $ ------ -If your /home/user folder is encrypted you should move the challenge file in a different path (i.e. /etc/yubico) and then set the right permission for the user to create the files. To do this do as follow: +If your /home/user folder is encrypted you should move the challenge file in a different path (i.e. /var/yubico) and then set the right permission for the user to create the files. To do this do as follow: ---- -$ mkdir /etc/yubico -$ chmod +t /etc/yubico -$ chmod 777 /etc/yubico -$ mv /home/user/.yubico/challenge-####### /etc/yubico/username-####### +$ mkdir /var/yubico +$ chmod +t /var/yubico +$ chmod 777 /var/yubico +$ mv /home/user/.yubico/challenge-####### /var/yubico/username-####### ... It is important that you name the file with the username of the user that is going to use the Yubikey ---- @@ -84,7 +84,7 @@ Finally we tell the pam module where to look for the challenge file and edit the following line as follow: - auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubico + auth required pam_yubico.so mode=challenge-response chalresp_path=/var/yubico Then back to the PAM configuration step, first make sure you have a root terminal available to be able to disable YubiKey login in case of