487236 – sys-auth/ykpers - Consider to include udev rules, screensaver has no access to device

Bug 487236 - sys-auth/ykpers - Consider to include udev rules, screensaver has no access to device

Summary: sys-auth/ykpers - Consider to include udev rules, screensaver has no access t...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Brant Gurganus

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-10-07 20:30 UTC by Kristian
Modified:	2013-10-28 14:07 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian 2013-10-07 20:30:00 UTC

sys-auth/ykpers, the yubikey personalisation utility, in connection with sys-auth/pam_yubico can be used for local offline authentication in challenge-response mode (https://github.com/Yubico/yubico-pam/wiki/LocalAuthenticationUsingChallengeResponse). This works only for root or processes running with root privileges. My screensaver for example has no access to the device. This can be fixed by including the udev rules from the ykpers source (https://github.com/Yubico/yubikey-personalization). I simply copied them to /lib/udev/rules.d/ and now can unlock my screensaver by touching the yubikey.

Reproducible: Always

Steps to Reproduce:
1.activate challenge-response mode in pam_yubico
2.
3.
Actual Results:  
ssh logins work but xscreensaver does not (fails with no access to yubikey device)

Expected Results:  
xscreensaver should unlock

Comment 1 Rick Farina (Zero_Chaos) gentoo-dev

2013-10-28 14:07:24 UTC

the udev rules require consolekit, and are installed with USE=consolekit.