mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-08 03:54:18 +01:00

Merge branch 'thomaspatzke-patch-1'

Klas Lindfors 2017-02-23 12:18:33 +01:00
commit f3fc6e4c1a
No known key found for this signature in database
GPG Key ID: BCA00FD4B2168C0A


@ -68,16 +68,18 @@ $ ykpamcfg -2 -v
Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'. Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'.
$ $
------ ------
If your /home/user folder is encrypted you should move the challenge file in a different path (i.e. /var/yubico) and then set the right permission for the user to create the files. To do this do as follow: From security perspective, it is generally a good idea to move the challenge file in a system-wide path that is only read- and writable by root. To do this do as follow:
---- ----
$ mkdir /var/yubico $ sudo mkdir /var/yubico
$ chmod +t /var/yubico $ sudo chown root.root /var/yubico
$ chmod 777 /var/yubico $ sudo chmod 700 /var/yubico
$ ykpamcfg -2 -v -p /var/yubico $ ykpamcfg -2 -v
... ...
Stored initial challenge and expected response in '/var/yubico/alice-123456'. Stored initial challenge and expected response in '$HOME/.yubico/challenge-123456'.
$ $ sudo mv ~/.yubico/challenge-123456 /var/yubico/alice-123456
$ sudo chown root.root /var/yubico/alice-123456
$ sudo chmod 600 /var/yubico/alice-123456
---- ----
It is important that the file is named with the name of the user that is going to be authenticated by this YubiKey. It is important that the file is named with the name of the user that is going to be authenticated by this YubiKey.
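
Review bot: In the new command block, `sudo chown root.root` (used for both the directory and the moved file) relies on the dot separator, which GNU chown accepts only for backward compatibility; write `root:root` instead. The rewritten intro sentence also drops the encrypted-home case from the old text, which is still a reason the challenge file has to live outside the home directory, so keep a clause for it next to the new security rationale and tidy the wording ("move the challenge file to a system-wide path", "do as follows"). The sample output on the new side shows '$HOME/.yubico/challenge-123456', while the unchanged context at the top of the hunk shows the expanded '/home/alice/.yubico/challenge-123456'; use the same form in both places so the following `mv` line is unambiguous.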