2011-04-29 13:04:53 UTC
I'm trying to get pam_oath to work with any graphical login manager...
Just wrote this mail to the SLiM mailing list:
--- Begin forwarded message ---
Date: Fri, 29 Apr 2011 13:17:06 +0200
From: Christian Hesse <***@eworm.de>
Subject: One Time Password in SLiM
I've used SLiM for some time now and I am very happy with it.
Recently I bought a hardware one time password token. PAM is set up
(using pam_oath.so from OATH Toolkit ) and everything works fine with
login, su and ssh.
However it does not work with SLiM.
I added pam_oath.so to /etc/pam.d/slim and tried to log in. The values
in /etc/users.oath change, so pam returns success I think. But SLiM
does not let me in, it beeps and asks for the password again.
Does SLim Support this kind of authentication?
--- End forwarded message ---
The next test was xscreensaver... Did not work as well. I got the
dialog with username and "One-time pass...", but it fails. Here's the
log from xscreensaver -no-splash -verbose:
pam_start ("xscreensaver", "eworm", ...) ==> 0 (Success)
pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success)
pam_authenticate (...) ...
pam_conversation (ECHO_OFF="One-time password (OATH) for `eworm':
") ... 0: mouse is at 608,311.
0: creating password dialog ("")
0: ungrabbing mouse (was 0xb1).
0: grabbing mouse on 0xa00015... GrabSuccess.
pam_conversation (...) ==> PAM_SUCCESS
pam_authenticate (...) ==> 7 (Authentication failure)
pam_end (...) ==> 0 (Success)
All authentication mechanisms failed.
syslog: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR "eworm"
0: creating password dialog ("Authentication failed!")
Possibly this is an issue by pam_oath.so and not the graphical tools...