• Bug#1067090: libpam-u2f: Only first key is checked in authfile

    From Maximilian Senftleben@21:1/5 to All on Mon Mar 18 11:00:01 2024
    Package: libpam-u2f
    Version: 1.1.0-1.1+b1
    Severity: normal
    X-Debbugs-Cc: maximilian.senftleben@frogblue-tec.com

    Dear Maintainer,

    after enrolling multiple keys in my u2f_keys file only the first one is
    checked by libpam-u2f.

    $ cat /etc/pam.d/sudo
    ...
    auth sufficient pam_u2f.so cue prompt authfile=.config/u2f/u2f_keys
    ...

    $ cat ~/.config/u2f/u2f_keys
    ms:aa...==,es256,+presence
    ms:bb...==,es256,+presence

    If I exchange the entries, the corresponding other key works, i.e. it's definitively the first entry that works.
    I would expect both keys to work.


    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing
    APT policy: (500, 'testing')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages libpam-u2f depends on:
    ii libc6 2.37-15
    ii libfido2-1 1.14.0-1
    ii libpam0g 1.5.2-9.1+b1
    ii libssl3 3.1.5-1

    Versions of packages libpam-u2f recommends:
    ii pamu2fcfg 1.1.0-1.1+b1

    libpam-u2f suggests no packages.

    -- no debconf information

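
An added example, not part of the original report and not pam_u2f's own code: a small linter for the authfile layout shown in the report. It assumes the authfile format documented upstream for pam_u2f, one line per user with additional credentials appended to that same line and separated by `:`. The function names and the placeholder key material in the sample are constructed for illustration.

```python
"""Flag pam_u2f authfile users whose credentials are split across several lines."""

# Constructed sample mirroring the layout in the report; HANDLE_*/PUBKEY_* are
# placeholders, not real key handles or public keys.
SAMPLE = """\
ms:HANDLE_A,PUBKEY_A,es256,+presence
ms:HANDLE_B,PUBKEY_B,es256,+presence
alice:HANDLE_C,PUBKEY_C,es256,+presence:HANDLE_D,PUBKEY_D,es256,+presence
"""


def parse_authfile(text):
    """Return {user: [(line_number, [credential, ...]), ...]} in file order."""
    users = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            raise ValueError(f"line {lineno}: expected 'user:credential[:credential...]'")
        # Credentials are colon-separated; base64 and option fields contain no ':'.
        creds = [c for c in rest.split(":") if c]
        users.setdefault(user, []).append((lineno, creds))
    return users


def split_users(users):
    """Map each user that appears on more than one line to those line numbers."""
    return {u: [n for n, _ in rows] for u, rows in users.items() if len(rows) > 1}


def merge(users):
    """Render one line per user, all credentials kept in order, duplicates dropped."""
    lines = []
    for user, rows in users.items():
        creds = list(dict.fromkeys(c for _, cs in rows for c in cs))
        lines.append(":".join([user] + creds))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_authfile(SAMPLE)
    for user, linenos in split_users(parsed).items():
        print(f"user {user!r} has credentials on lines {linenos}; expected a single line")
    print(merge(parsed), end="")
```

Review the merged output before replacing a live authfile, and keep a root shell open while testing a changed PAM configuration.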