search

Kami / python-yubico-client

Python library for validating Yubico Yubikey One Time Passwords (OTPs) based on the validation protocol version 2.0.
https://yubico-client.readthedocs.org/en/latest/
Other
83 stars 19 forks source link

NO_VALID_ANSWERS error #33

Open s-fu opened 3 years ago

s-fu commented 3 years ago

API URL api.yubico.com is used.

python-yubico-client version: v1.12.0 python version: python-2.7.5-90.el7.x86_64 OS: CentOS 7

NO_VALID_ANSWERS error is raised all the time while curling the same URL from bash has OK state. This service had been running for more than 1 year.

  File "/usr/lib/pritunl/lib/python2.7/site-packages/pritunl/sso/yubico.py", line 30, in auth_yubico
    if client.verify(yubikey) is not True:
  File "/usr/lib/pritunl/lib/python2.7/site-packages/yubico_client/yubico.py", line 188, in verify
    raise Exception('NO_VALID_ANSWERS')
Exception: NO_VALID_ANSWERS

The workaround is to override the IP address of api.yubico.com in hosts file with one of the four short lived A records.

justinkumpe commented 2 years ago

I have found this is due to an issue with IPv6. If you disable IPv6 on your server the issue will be resolved as well. I do not use IPv6 so that is fine with me but definitely not a long term solution.