[PVE-User] Yubico doesn't work anymore

Matthieu Dreistadt matthieu at 3-stadt.de
Fri Mar 1 11:48:11 CET 2019


Hi,

there was an announcement by yubico a while ago regarding the shutdown
of older ciphers/api, etc.

I added the following URL as Yubico URL for the respective
authentication type (where you also add your API key, PVE 4.4-24):
https://api.yubico.com/wsapi/2.0/verify


Regards,
Matthieu

Am 01.03.19 um 11:29 schrieb Thomas Lamprecht:
> Hi,
> 
> On 3/1/19 11:09 AM, Patrick Westenberg wrote:
>> Hi everyone,
>>
>> I configured PAM authentication to use yubico but I can't login anymore.
>>
>> Mar  1 11:02:23 pve01 pvedaemon[4917]: authentication failure;
>> rhost=172.31.0.1 user=root at pam msg=Invalid response from server: 410 Gone
>>
>> Is it possible, that the proxmox stuff didn't update their
>> implementation as Yubico deactivated deprecated ciphers and non-secured
>> traffic?
>>
>> https://status.yubico.com/2018/11/26/deprecating-yubicloud-v1-protocol-plain-text-requests-and-old-tls-versions/
>>
>> proxmox-ve: 5.3-1 (running kernel: 4.15.18-11-pve)
>> pve-manager: 5.3-9 (running version: 5.3-9/ba817b29)
>> pve-kernel-4.15: 5.3-2
>> pve-kernel-4.15.18-11-pve: 4.15.18-33
>> pve-kernel-4.15.18-3-pve: 4.15.18-22
>> pve-kernel-4.15.17-1-pve: 4.15.17-9
>> corosync: 2.4.4-pve1
>> criu: 2.11.1-1~bpo90
>> gfs2-utils: 3.1.9-2
>> glusterfs-client: 3.8.8-1
>> ksm-control-daemon: 1.2-2
>> libjs-extjs: 6.0.1-2
>> libpve-access-control: 5.1-3
>> libpve-apiclient-perl: 2.0-5
>> libpve-common-perl: 5.0-46
> 
> that's the issue, it should work again with pve-common in version
> 5.0-47 (or newer) which includes:
> https://git.proxmox.com/?p=pve-common.git;a=commit;h=3b3ae60e0934a74b7cc34634740e720d574de3e2
> 
>> libpve-guest-common-perl: 2.0-20
>> libpve-http-server-perl: 2.0-11
>> libpve-storage-perl: 5.0-38
>> libqb0: 1.0.3-1~bpo9
>> lvm2: 2.02.168-pve6
>> lxc-pve: 3.1.0-3
>> lxcfs: 3.0.3-pve1
>> novnc-pve: 1.0.0-2
>> openvswitch-switch: 2.7.0-3
>> proxmox-widget-toolkit: 1.0-22
>> pve-cluster: 5.0-33
>> pve-container: 2.0-34
>> pve-docs: 5.3-2
>> pve-edk2-firmware: 1.20181023-1
>> pve-firewall: 3.0-17
>> pve-firmware: 2.0-6
>> pve-ha-manager: 2.0-6
>> pve-i18n: 1.0-9
>> pve-libspice-server1: 0.14.1-2
>> pve-qemu-kvm: 2.12.1-1
>> pve-xtermjs: 3.10.1-1
>> qemu-server: 5.0-46
>> smartmontools: 6.5+svn4324-1
>> spiceterm: 3.0-5
>> vncterm: 1.5-3
>>
>>
>> Regards
>> Patrick
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
> 
> 
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> 



More information about the pve-user mailing list