On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> > The newer yubikey hardware has provision for two AES keys but I'm not sure
> > how that works and whether it actually allows you to use separate keys with
> > separate servers. Someone will need to look into this.
>
> Yes, separate keys -- basically two separate configurations in one device.
>

After a bit of trial and error, I got this working. I now have my yubikey-v2
to send an otp that's associated with fas if I hold the contact for 0.3 – 1.5
seconds and an otp that's registered with yubico's servers if I press for
2.5 – 5 seconds.

The sparsity of introductory docs on ykpersonalize made this harder than it
should have been. I pieced together the necessary information from this
page:
  http://www.teaparty.net/technotes/yubikey.html
and the official upload instructions linked from here:
  http://www.yubico.com/developers/aeskeys/
and the user's manual
  http://yubico.com/files/YubiKey_manual-2.0.pdf

Writing the second key slot was kinda like this:

  sudo ykpersonalize -2 -o fixed=vvXXXXXXXX -a KEY -o -static-ticket -o -strong-pw1 -o -strong-pw2 -o -man-update -o -append-cr -ouid=YYYYY

Figuring out XXXX, KEY, and YYY were what I needed to read those documents
for.

-Toshio
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
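The three placeholders in the ykpersonalize command above (the modhex public ID after fixed=, the AES key after -a, and the private uid), as an added example that is not part of the original message: it generates fresh random values and assembles the same argument list without running it. The function names are hypothetical, and the field sizes are assumptions: a 6-byte public ID whose first byte encodes to "vv", a 16-byte AES-128 key, and a 6-byte uid.

```python
import secrets

HEX = "0123456789abcdef"
MODHEX = "cbdefghijklnrtuv"  # modhex character i stands for hex digit i
_TO_MODHEX = str.maketrans(HEX, MODHEX)
_TO_HEX = str.maketrans(MODHEX, HEX)


def modhex_encode(data: bytes) -> str:
    """Encode bytes in the keyboard-layout-safe alphabet the YubiKey types."""
    return data.hex().translate(_TO_MODHEX)


def modhex_decode(text: str) -> bytes:
    """Decode modhex, rejecting odd lengths and characters outside the alphabet."""
    if len(text) % 2 or any(c not in MODHEX for c in text):
        raise ValueError("not a valid modhex string")
    return bytes.fromhex(text.translate(_TO_HEX))


def new_slot_values(rand=secrets.token_bytes) -> dict:
    """Generate the values behind XXXX, KEY and YYY (sizes are assumptions)."""
    public_id = b"\xff" + rand(5)            # 0xff encodes to the "vv" prefix
    return {
        "fixed": modhex_encode(public_id),   # public ID, sent in clear in every OTP
        "key": rand(16).hex(),               # AES-128 secret, plain hex
        "uid": rand(6).hex(),                # private ID, encrypted inside the OTP
    }


def ykpersonalize_args(values: dict) -> list:
    """Argument list with the same options as the command in the message."""
    return [
        "ykpersonalize", "-2",
        "-o", "fixed=" + values["fixed"],
        "-a", values["key"],
        "-o", "-static-ticket", "-o", "-strong-pw1", "-o", "-strong-pw2",
        "-o", "-man-update", "-o", "-append-cr",
        "-ouid=" + values["uid"],
    ]


if __name__ == "__main__":
    # Prints the secret key: run it only on the machine that programs the token.
    print(" ".join(ykpersonalize_args(new_slot_values())))
```

The same key and uid have to be registered with whichever validation server checks this slot's OTPs, so they need to be kept until that upload is done.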