Yubikeys are now supported
Toshio Kuratomi
a.badger at gmail.com
Fri Oct 8 06:03:47 UTC 2010
On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> > The newer yubikey hardware has provision for two AES keys but I'm not sure
> > how that works and whether it actually allows you to use separate keys with
> > separate servers. Someone will need to look into this.
>
> Yes, separate keys -- basically two separate configurations in one device.
>
After a bit of trial and error, I got this working. I now have my
yubikey-v2 to send a otp that's associated with fas if I hold the contact
for 0.3 – 1.5 seconds and a otp that's registered with yubico's servers if
I press for 2.5 – 5 seconds. The sparsity of introductory docs on
ykpersonalize made this harder than it should have been. I pieced together
the necessary information from this page:
http://www.teaparty.net/technotes/yubikey.html
and the official upload instructions linked from here:
http://www.yubico.com/developers/aeskeys/
and the user's manual
http://yubico.com/files/YubiKey_manual-2.0.pdf
Writing the second key slot was kinda like this:
sudo ykpersonalize -2 -o fixed=vvXXXXXXXX -a KEY
-o -static-ticket -o -strong-pw1 -o -strong-pw2
-o -man-update -o -append-cr -ouid=YYYYY
Figuring out XXXX,KEY, and YYY were what I needed to read those documents
for.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20101008/5d555b1b/attachment.bin
More information about the infrastructure
mailing list