pam_usb icon indicating copy to clipboard operation
pam_usb copied to clipboard

Published 20 hours ago verified publisher icon aluzzardi

pamusb-check fails for correct configuration file

Open wuffi opened this issue 12 years ago • 4 comments

Hi,

On Ubuntu 12.04, I can't get pam_usb to work. My configuration file looks as follows:

<devices>
    <device id="usbkey">
        <vendor>SMI</vendor>
        <model>USB DISK</model>
        <volume_uuid>a1d8d933-c151-40a9-b930-519210e6d1e9</volume_uuid>
    </device>   
</devices>

<users>
    <user id="root">
        <device>usbkey</device>
            <option name="quiet">true</option>
            <agent event="lock">gnome-screensaver-command -l</agent>
        <agent event="unlock">gnome-screensaver-command -d</agent>
    </user>
</users>

<services>
    <service id="pamusb-agent">
        <option name="one_time_pad">false</option>
    </service>

    <service id="su">
        <option name="quiet">true</option>
    </service>
</services>

This looks correct for me, but "pamusb-check root" gives me: "* No device configured for user "root"."

Could you please hint me towards additional diagnostics to run to pin down the problem.

wuffi avatar Dec 13 '12 08:12 wuffi

Hi wuffi,

Could you try with --debug?

Best, Andrea

aluzzardi avatar Dec 19 '12 11:12 aluzzardi

I know, old issue. But anyway, for me this was caused by a device without serial - a cheap usb stick. Switched to a stick with serial reported, and it worked. Just wanted to say...

edit: rofl, just (27 nov '16) had this problem again - googled, found my own solution :laughing:

edit2: The culprit is https://github.com/aluzzardi/pam_usb/blob/master/src/conf.c#L174, the !pusb_conf_parse_device(opts, doc) call is returning 0 for devices without serial from https://github.com/aluzzardi/pam_usb/blob/master/src/conf.c#L113. So it seems to be intended behaviour.

edit3: The serial, combined with vendor and model, is used in https://github.com/aluzzardi/pam_usb/blob/master/src/device.c#L35 to check for the device and also in various places in https://github.com/aluzzardi/pam_usb/blob/master/tools/pamusb-agent. Not sure if it's possible to refactor this to UUID checking. I'm to lazy to try, esp. since my python sucks.

mcdope avatar Jul 22 '14 06:07 mcdope

Is it possible to add support for usb stick without serial number? I have the same issue.

gruessung avatar Sep 13 '16 06:09 gruessung

@gruessung I don't think this project is maintained any more, just grab another stick (or other media, I use a microsd on my laptop i.e).

mcdope avatar Sep 13 '16 09:09 mcdope