Date: Sat, 8 Sep 2018 02:28:54 +0000 From: Robert Ames <robertames@hotmail.com> To: Niclas Zeising <zeising+freebsd@daemonic.se> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: RE: Yubico Security Keys Message-ID: <SN6PR08MB5070F45A26BC9AE924889FD8C9070@SN6PR08MB5070.namprd08.prod.outlook.com> In-Reply-To: <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se> References: <SN6PR08MB50700E8EAFDEDA7646671E6EC9030@SN6PR08MB5070.namprd08.prod.outlook.com> <1AEEDB86-DF6B-433B-A413-452F105D9A53@dons.net.au> <SN6PR08MB5070379187FA4800E9B1537EC9020@SN6PR08MB5070.namprd08.prod.outlook.com> <7DA3F074-12CF-43C4-A514-19651112EE42@dons.net.au> <SN6PR08MB5070E1CE5B15417592DD0895C9020@SN6PR08MB5070.namprd08.prod.outlook.com>, <5a1e0391-86b6-070c-24db-18529f379bc6@daemonic.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2018 at 01:48:10PM +0200, Niclas Zeising wrote: > > Yes, that works (using /etc/devfs.rules). Thanks. I also got it to wo= rk > > using /etc/devd.conf > > > > # Yubico Security Key > > attach 100 { > > match "vendor" "0x1050"; > > match "product" "0x0120"; > > device-name "uhid[0-9]+"; > > action "/usr/sbin/chown robert /dev/$device-name"; > > }; > > > > running "usbconfig dump_device_desc" to get the vendor and product ids. > > I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0. Not sure which = is > > the more correct way to do this. But they both work. > > > > So things now work great on the Yubico demo site. Sadly I cannot get i= t > > to work in Google. Google doesn't respond when I press the gold disc > > during the registration process. > > > There is a port, security/u2f-devd [0] that sets up devd rules for use > with yubico and other devices. That works great for me. Install it and > follow the instructions. > > [0] https://www.freshports.org/security/u2f-devd/ Just to close this out, the Yubikey DOES work with Google using Firefox. The only catch is you can't register a key with Google using Firefox. You have to use Chromium. Once you register your key using Chromium you can use Firefox to login. See explanation here: https://www.ctrl.blog/entry/firefox-u2f-google For the record, what works for me is 11.2-RELEASE, Firefox 60.0.1 =20 from ports/packages along with u2f-devd from ports/packages to =20 handle the setup of devd. And Chromium from ports/packages for the registration step. Thanks to all who sent me pointers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SN6PR08MB5070F45A26BC9AE924889FD8C9070>