Date: Sat, 8 Sep 2018 02:28:54 +0000 From: Robert Ames <robertames@hotmail.com> To: Niclas Zeising <zeising+freebsd@daemonic.se> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: RE: Yubico Security Keys Message-ID: <SN6PR08MB5070F45A26BC9AE924889FD8C9070@SN6PR08MB5070.namprd08.prod.outlook.com> In-Reply-To: <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> References: <SN6PR08MB50700E8EAFDEDA7646671E6EC9030@SN6PR08MB5070.namprd08.prod.outlook.com> <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <SN6PR08MB5070379187FA4800E9B1537EC9020@SN6PR08MB5070.namprd08.prod.outlook.com> <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com>, <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2018 at 01:48:10PM +0200, Niclas Zeising wrote:
> > Yes, that works (using /etc/devfs.rules). Thanks. I also got it to wo=
rk
> > using /etc/devd.conf
> >
> > # Yubico Security Key
> > attach 100 {
> > match "vendor" "0x1050";
> > match "product" "0x0120";
> > device-name "uhid[0-9]+";
> > action "/usr/sbin/chown robert /dev/$device-name";
> > };
> >
> > running "usbconfig dump_device_desc" to get the vendor and product ids.
> > I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which =
is
> > the more correct way to do this. But they both work.
> >
> > So things now work great on the Yubico demo site. Sadly I cannot get i=
t
> > to work in Google. Google doesn't respond when I press the gold disc
> > during the registration process.
>
>
> There is a port, security/u2f-devd [0] that sets up devd rules for use
> with yubico and other devices. That works great for me. Install it and
> follow the instructions.
>
> [0] https://www.freshports.org/security/u2f-devd/
Just to close this out, the Yubikey DOES work with Google using
Firefox. The only catch is you can't register a key with Google
using Firefox. You have to use Chromium. Once you register your
key using Chromium you can use Firefox to login. See explanation
here:
https://www.ctrl.blog/entry/firefox-u2f-google
For the record, what works for me is 11.2-RELEASE, Firefox 60.0.1 =20
from ports/packages along with u2f-devd from ports/packages to =20
handle the setup of devd. And Chromium from ports/packages for the
registration step. Thanks to all who sent me pointers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SN6PR08MB5070F45A26BC9AE924889FD8C9070>