I want to use the yubico-pam module (https://github.com/Yubico/yubico-pam) to enable challenge-response authentification using my yubikey when sudoing. I've managed to do that by adding the line
auth required pam_yubico.so mode=challenge-response debug
to the file /etc/pam.d/sudo. However doing so give me a whole bunch of output when sudoing:
[pam_yubico.c:parse_cfg(761)] called.
[pam_yubico.c:parse_cfg(762)] flags 32768 argc 5
[pam_yubico.c:parse_cfg(764)] argv[0]=mode=challenge-response
[pam_yubico.c:parse_cfg(764)] argv[1]=debug
[pam_yubico.c:parse_cfg(765)] ...
[pam_yubico.c:parse_cfg(766)] ...
[pam_yubico.c:parse_cfg(767)] ...
[pam_yubico.c:parse_cfg(768)] ...
[pam_yubico.c:parse_cfg(769)] ...
[pam_yubico.c:parse_cfg(770)] ...
[pam_yubico.c:parse_cfg(771)] ...
[pam_yubico.c:parse_cfg(772)] ...
[pam_yubico.c:parse_cfg(773)] ...
[pam_yubico.c:parse_cfg(774)] ...
[pam_yubico.c:parse_cfg(775)] ...
[pam_yubico.c:parse_cfg(776)] ...
[pam_yubico.c:parse_cfg(777)] ...
[pam_yubico.c:parse_cfg(778)] ...
[pam_yubico.c:parse_cfg(779)] ...
[pam_yubico.c:parse_cfg(780)] ...
[pam_yubico.c:parse_cfg(781)] ...
[pam_yubico.c:parse_cfg(782)] ...
[pam_yubico.c:parse_cfg(783)] ...
[pam_yubico.c:pam_sm_authenticate(823)] get user returned: ...
[pam_yubico.c:do_challenge_response(505)] Loading challenge from file ...
[util.c:load_chalresp_state(269)] ...
[pam_yubico.c:do_challenge_response(583)] Got the expected response, generating new challenge (63 bytes). [pam_yubico.c:do_challenge_response(663)] Challenge-response success!
of which I only want to see the lines containing "do_challenge_response", to get some clear info when the authentication fails (eg. I forgot to insert my yubikey...).
How can I do this?
(eg. add "| grep 'do_challenge_response'" at the end of the line I added in /etc/pam.d/sudo, but that doesn't work)
