With the significant additions and changes to YubiPAM recently, some things were broken on Debian Etch systems. This update fixes an issue where pam_syslog() is not uniformly available over all systems. I personally blame my relatively newb status on the automake toolset. We appreciate all the feedback to keep this project evolving.
Head to the project page for the new version.
It’s encouraging to know that our YubiPAM authentication module is getting some air time for people. Even better is the positive feedback we get from those using it.
We recently received a patch from Geoff Hoff that extended its functionality across all services. It now follows the model of the pam_unix module allowing lesser privileged services such as gnome-screensaver to authenticate with the database.
As a result of this there are a few additional steps that must be carried out to get the install working, including setting up an additional “yubiauth” group, set some permissions for the helper binary and the Yubikey database so make sure you at least skim over the INSTALL file.
In addition the default configuration will no longer echo in the clear and requires you setting the “verbose_otp” flag to enabling echoing of the OTP. You wouldn’t think it adds a lot of additional security considering a One Time Pad is only used … well … once. However, it does align with the better of security practices.
I’ll keep using the “verbose_otp” flag 
In the next few weeks I’ll be posting some screencasts of installing and configuring the YubiPAM module for:
So stay tuned…
This is just a small update that fixes two little quirks that have recently been discovered. We are pleased with the overall stability and are currently looking at including support for other distributions (i.e. non Debian based).
The release notes summarise the updates. You can grab the new update from the download page.
Some investigative work by Brian Gorka, and his mega multi-factor implementation, prompted this little release which now ensures YubiPAM stacks well with other modules in a PAM stack.
Additionally the documentation has been cleaned and refined to better get you started and provide some better guidance on configuring for troubleshooting. As YubiPAM continues to mature it is very important that everyone can assist us with ironing out the wrinkles.
This update will not affect existing database setups so feel free to use and abuse with reduced hassle.
Head to the project page.
A small update to the YubiPAM project has improved the adminstration of adding users to the database. Due to a little ambiguity, perhaps a little too much reliance on individuals technical expertise of this relatively new technology and I’m sure a significant amound of developer assumption a few helpers have been added to the “ykpasswd” utility.
Now all you can add a user with simply a valid Yubikey OTP and corresponding AES key for description, by using:
# ykpasswd -a -u USER -k AESKEY -o OTP
Where USER is a valid account user name, AESKEY is that provided by Yubico in standard hex or modhex format and the OTP is a Yubikey generated OTP.
Head to the project page.
