Re: Yubikeys are now supported

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> > The newer yubikey hardware has provision for two AES keys but I'm not sure
> > how that works and whether it actually allows you to use separate keys with
> > separate servers.  Someone will need to look into this.
> 
> Yes, separate keys -- basically two separate configurations in one device.
> 
After a bit of trial and error, I got this working.  I now have my
yubikey-v2 to send a otp that's associated with fas if I hold the contact
for  0.3 â 1.5 seconds and a otp that's registered with yubico's servers if
I press for 2.5 â 5 seconds.  The sparsity of introductory docs on
ykpersonalize made this harder than it should have been.  I pieced together
the necessary information from this page:

http://www.teaparty.net/technotes/yubikey.html

and the official upload instructions linked from here:

http://www.yubico.com/developers/aeskeys/

and the user's manual

http://yubico.com/files/YubiKey_manual-2.0.pdf


Writing the second key slot was kinda like this:

sudo ykpersonalize -2 -o fixed=vvXXXXXXXX  -a KEY
-o -static-ticket -o -strong-pw1 -o -strong-pw2
-o -man-update -o -append-cr -ouid=YYYYY

Figuring out XXXX,KEY, and YYY were what I needed to read those documents
for.

-Toshio

Attachment: pgpByUDhEaMjc.pgp
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux