Public bug reported: When placed in the common-auth PAM stack and used in conjunction with certain programs such as sudo and vlock, the libpam-yubico module fails with an error and authentication does not continue. This can create a denial of service situation
The text of the error is: [drop_privs.c:restore_privileges(128)] pam_modutil_drop_priv: -1 This is reported and fixed upstream, with a patch here: https://code.google.com/p/yubico-pam/issues/detail?id=49 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: libpam-yubico 2.11-1 ProcVersionSignature: Ubuntu 3.2.0-24.37-virtual 3.2.14 Uname: Linux 3.2.0-24-virtual i686 ApportVersion: 2.0.1-0ubuntu17.3 Architecture: i386 Date: Sun Jun 9 01:10:59 2013 MarkForUpload: True ProcEnviron: LANGUAGE=en_US:en TERM=screen-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: yubico-pam UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: yubico-pam (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 precise -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1189062 Title: authentication fails when used in conjunction with sudo, vlock, etc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/yubico-pam/+bug/1189062/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
