Damien Miller
2022-Mar-09 01:12 UTC
Does a known security issue allow ssh login via system accounts?
On Wed, 9 Mar 2022, Blumenthal, Uri - 0553 - MITLL wrote:> > > A cloud service *authenticates* the user . . . > > > > No, that is not the case. The module is a HOTP/TOTP implementation that > > is compatible with the Google Authenticator application, it does consult > > any cloud service for authentication. > > I don't understand what you said. Does the cloud service authenticate the user, or does it not???err, missed a word - it does not
Blumenthal, Uri - 0553 - MITLL
2022-Mar-09 01:19 UTC
Does a known security issue allow ssh login via system accounts?
> > I don't understand what you said. Does the cloud service authenticate the user, or does it not??? > > err, missed a word - it does notIn that case, what about this.>From https://developers.yubico.com/yubico-pam/, description of the PAM module parameters:mode: Mode of operation. Use "client" for online validation with a YubiKey validation service such as the YubiCloud, or use "challenge-response" for offline validation using YubiKeys with HMAC-SHA-1 Challenge-Response configurations. See the man-page ykpamcfg(1) for further details on how to configure offline Challenge-Response validation. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5249 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220309/7c654b7b/attachment.p7s>