Hi, thanks for the reply and investigating the issue.
On Sun, May 27, 2018 at 01:08:28AM +0200, Nicolas Braud-Santoni wrote: > On Sat, May 26, 2018 at 11:18:40PM +0200, Nicolas Braud-Santoni wrote: > > In the meantime, I am forwarding this bug upstream (against pam-u2f), who > > might be able to pinpoint the issue faster than I would. (OTOH, several of > > the pam-u2f upstream developers are in the relevant packaging team and > > should have received the bug report anyhow.) > > Upstream suggested this might be a regression introduced by the implementation > of the cue option [0]; could you try removing the cue option? Well, the "cue" option alone did not help. I've tried several configs. In the end it's simply the update to pam-u2f-1.0.7 that helps. The "nodetect" option was introduced and this helps with the u2fzero device. I tried with the debian source and made and new upstream release. $ apt source pam-u2f $ cd pam-u2f-1.0.6 $ uscan $ uupdate -v 1.0.7 ../pam_u2f-1.0.7.tar.gz $ dpkg-buildpackage -us -uc # dpkg -i libpam-u2f_1.0.7-1_amd64.deb # cat /etc/pam.d/u2f auth required pam_u2f.so authfile=/etc/u2f_keys interactive nodetect debug And it works. Therefore, i think a new release to 1.0.7 would solve the issue. As far as understand an update of libu2f-host and libu2f-server is not needed. See also https://github.com/Yubico/pam-u2f/issues/97 for more logs. Greetings, Jörg -- Jörg (j...@corsario.org) GPG-ID: 0xFAE26711E6EBF94D Fingerprint: 8A79 8BF8 0A04 60EA A004 7E42 FAE2 6711 E6EB F94D
