Open Spindel opened 8 years ago
yubico-pam uses yubico-c-client, which in turn uses curl for everything. So behaviour is probably different depending on curl version; maybe we can tweak behaviour with correct options as well.
Sounds like something Curl will have options to handle, yes.
Just happened to me today. Definitely a blocking issue; being locked out of ssh during an ipv6 downtime felt strange.
Curl claims to have done happy eyeballs since version 7.34 (2013). It might be useful if you can try to provoke an error using the curl on your system and get curl debug information for what happens.
If you have a host with both ipv6 and ipv4, but disable the routing on ipv6 due to some mishap on your ISP's side, pam_yubico will fail to connect or downgrade to ipv4 which will cause misery, suffering and inability to login.
pam_yubico should downgrade according to ipv6 happy eyeballs, https://tools.ietf.org/html/rfc6555 in order to make sure that it works even if the net isn't always perfect.
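The fallback behaviour requested in this issue, as an added example that is not part of the original thread and is not pam_yubico, yubico-c-client or curl code: a small RFC 6555-style connector in Python that prefers IPv6 but starts an IPv4 attempt when the IPv6 one fails or stalls. The function names, the stagger value and the documentation-range addresses are assumptions, and the dead IPv6 route is simulated with a sleep rather than a real socket.

```python
import asyncio
import socket
import time

async def connect_happy_eyeballs(candidates, connect, stagger=0.25, overall=5.0):
    """Try candidates in order (IPv6 first); start the next one when the
    previous attempt fails or is still unfinished after `stagger` seconds."""
    pending, errors = set(), []

    async def race():
        queue = list(candidates)
        while queue or pending:
            if queue:
                pending.add(asyncio.ensure_future(connect(*queue.pop(0))))
            done, _ = await asyncio.wait(
                pending, timeout=stagger if queue else None,
                return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                pending.discard(task)
                if task.exception() is None:
                    return task.result()        # first success wins
                errors.append(task.exception())
        raise OSError(f"all attempts failed: {errors}")

    try:
        return await asyncio.wait_for(race(), overall)
    finally:
        for task in pending:                    # abandon the slower attempts
            task.cancel()

async def simulated_connect(family, addr):
    # Constructed stand-in for a socket connect: IPv6 SYNs get no reply
    # (route is down), IPv4 answers after 20 ms.
    if family == socket.AF_INET6:
        await asyncio.sleep(30)
    await asyncio.sleep(0.02)
    return (family, addr)

# Constructed sample addresses from the documentation ranges.
CANDIDATES = [(socket.AF_INET6, "2001:db8::10"), (socket.AF_INET, "192.0.2.10")]

def demo():
    start = time.monotonic()
    winner = asyncio.run(connect_happy_eyeballs(CANDIDATES, simulated_connect))
    return winner, time.monotonic() - start

if __name__ == "__main__":
    print(demo())
```

Without the staggered second attempt, the same call would sit on the IPv6 connect until the overall timeout expired, which is the lock-out described in the issue.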