search for: yubikey_mapping

...failure_show_msg=yes dovecot override_fields = proxy host=1.2.3.4 master=XXXXXX pass=XXXXXX } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users } The dovecot Pam config file is :- auth sufficient pam_yubico.so id=99999 key="xxxxxxxxxxx" authfile=/etc/yubikey_mappings debug @include common-auth @include common-account @include common-session When failing to authenticate with Dovecot, the PAM debug log shows :- [../pam_yubico.c:parse_cfg(761)] called. [../pam_yubico.c:parse_cfg(762)] flags 0 argc 4 [../pam_yubico.c:parse_cfg(764)] argv[0]=id=xxxxxx [../pam_yub...

I don't see a way to do this currently (unless I am missing something) but I would like to be able to specify, that in order for a user to login, they need to use at least 1 public key from 2 separate key sources.? Specifically this would be when using "AuthenticationMethods publickey,publickey".? Right now requiring 2 public keys for authentication will allow 2 public keys from