I've installed Google Authentication on all the machines in our system, and while the authentication during login works fine, our machines are producing logs that have this line over and over:

sshd(pam_google_authenticator)[2 Failed to compute location of secret file

Some machines have it more than others, and these errors seem to appear intermittently: say, from 3:00 AM to 3:04, or even 12:07, 3:05, 7:38. The location of the file is just in the user's home directory. I have no idea what's going on here, as I'm just a student sysadmin. Could it be an attack of some sort, or maybe the home directories are failing to mount properly on sshd? (Even though our ssh daemons are working fine.)

Some machines are running LDAP, some are just on UNIX, and all machines are running the most recent version of Ubuntu. If I left out any necessary information, just let me know.

Thanks in advance for any help!

Clare

1 Answer

Just guessing:

Are these local home directories or are the home directories on NFS or SAMBA shares?

If you have so many users and machines, why not use a centrally managed system like privacyIDEA?

Addition:

Looking at the code https://github.com/google/google-authenticator/blob/f0d1574734b5855d4a604d58be25fc1159563b66/libpam/pam_google_authenticator.c#L168, the function getpwnam_r seems to fail. So maybe the connection to LDAP is disturbed/timed out so that getpwnam_r cannot determine the user's home directory.

cornelinux
  • Or, if you're cheap, you can try https://github.com/mricon/totp-cgi – mricon Jul 14 '15 at 20:20
  • Also much better than having the google authenticator secret in the NFS home directory... – cornelinux Jul 14 '15 at 21:14
  • They're NFS. And thanks for the tip - upon further inspection, the LDAP machines are occasionally saying they failed to bind to the LDAP server, so it probably is an LDAP problem (although the non-LDAP machines return the pam google auth error too.) Anyway, thanks again – Clare Jul 15 '15 at 14:43
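
The answer above traces the log message to a failing getpwnam_r call. As an added example (not from the original post or from the google-authenticator project), this small C probe makes the same libc lookup and separates "no such user" from an NSS backend error such as an LDAP timeout; the names classify and probe_home are made up for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum lookup { LOOKUP_OK, LOOKUP_NO_USER, LOOKUP_BAD_HOME, LOOKUP_BACKEND_ERROR };

/* Classify a getpwnam_r() outcome. rc != 0 means the NSS backend (files,
 * LDAP, ...) reported an error; rc == 0 with pw == NULL means no such user. */
enum lookup classify(int rc, const struct passwd *pw) {
    if (rc != 0) return LOOKUP_BACKEND_ERROR;
    if (pw == NULL) return LOOKUP_NO_USER;
    if (pw->pw_dir == NULL || pw->pw_dir[0] != '/') return LOOKUP_BAD_HOME;
    return LOOKUP_OK;
}

/* Resolve a user's home directory, retrying with a larger buffer on ERANGE.
 * *err receives the raw getpwnam_r() return code so it can be logged. */
enum lookup probe_home(const char *user, char *home, size_t homelen, int *err) {
    struct passwd pwbuf, *pw = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 4096;
    char *buf = NULL;
    int rc;
    do {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); *err = ENOMEM; return LOOKUP_BACKEND_ERROR; }
        buf = tmp;
        rc = getpwnam_r(user, &pwbuf, buf, len, &pw);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));
    *err = rc;
    enum lookup res = classify(rc, pw);
    if (res == LOOKUP_OK) snprintf(home, homelen, "%s", pw->pw_dir); /* copy before free */
    free(buf);
    return res;
}

int main(int argc, char **argv) {
    static const char *names[] = { "ok", "no such user", "bad home", "backend error" };
    char home[4096] = "";
    int err = 0;
    const char *user = argc > 1 ? argv[1] : "root";
    enum lookup r = probe_home(user, home, sizeof home, &err);
    printf("%s: %s (rc=%d %s) %s\n", user, names[r], err, err ? strerror(err) : "", home);
    return r == LOOKUP_OK ? 0 : 1;
}
```

Pass a username as the first argument; the exit status is non-zero whenever the lookup does not yield an absolute home directory.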