On 11/28/18 4:57 PM, Orion Poplawski wrote:
I configured a YubiKey on Windows using the YubiKey minidriver with
- my "orion" certificate - went into slot 9a PIV Auth
- A MacOS keychain cert per their docs - went into slot 9d Key Management
- Another auth certificate for "orion-admin" - went into slot 82
I'm able to authenticate on Windows as either orion or orion-admin, but on
Linux with sssd it does not see the orion-admin certificate. What needs to
happen to support this?
After reading some of:
I'm very curious as to why the admin key and certificate went into slot 82.
From my understanding slots 82-95 are for "Retired Key Management" - i.e. keys
that have been retired/expired/replaced. Unless this specification has been
abandoned in some way?
I've asked the above question of Yubico - perhaps they will have an answer.
In any case this is definitely a non-standard application.
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 https://www.nwra.com/