From owner-freebsd-security@freebsd.org  Thu Jul  9 16:20:53 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E438996B45
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu,  9 Jul 2015 16:20:53 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com
 [66.111.4.26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 64FA81D05
 for <freebsd-security@freebsd.org>; Thu,  9 Jul 2015 16:20:53 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 461E320794
 for <freebsd-security@freebsd.org>; Thu,  9 Jul 2015 12:20:52 -0400 (EDT)
Received: from web3 ([10.202.2.213])
 by compute5.internal (MEProxy); Thu, 09 Jul 2015 12:20:52 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=8XGtNKIzN5F1ox7
 puS7S/IE9JrY=; b=ZEBuqC4s/7z0McDtcYxUIOtNfszIqEwU9fo8Ev3un/vJKu+
 whKE9d15qIg8Snlo2YXxB1KVmHGKor3Qb0L6OBAhRsnKndfFf2LQTFD7Eq1N/+tw
 nF6FW1IexT3h1+0uYndC+olySYgt0Of1Sk2t+yp6cyryiEq681H7F7qlz680=
Received: by web3.nyi.internal (Postfix, from userid 99)
 id 02B6E104285; Thu,  9 Jul 2015 12:20:51 -0400 (EDT)
Message-Id: <1436458851.3436254.319593905.74B45600@webmail.messagingengine.com>
X-Sasl-Enc: 3IqiB4lDlftEYIf2TueyfnWpFQq0dFv9MHLqwJOzXgcI 1436458851
From: Mark Felder <feld@FreeBSD.org>
To: Lev Serebryakov <lev@FreeBSD.org>, freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-bfc056ae
Subject: Re: FreeBSD + Yubikey NEO in OATH-HOTP mode?
Date: Thu, 09 Jul 2015 11:20:51 -0500
In-Reply-To: <559E9E3E.7050709@FreeBSD.org>
References: <559E9E3E.7050709@FreeBSD.org>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 16:20:53 -0000



On Thu, Jul 9, 2015, at 11:15, Lev Serebryakov wrote:
> 
>  Does somebody succeed to setup FreeBSD for usage with Yubikey NEO
> token without Yubico authentication service, with OATH-HOTP?
> 

What have you tried so far? I don't do the offline auth, but this seems
to be documented well in ykpamcfg(1)