From owner-freebsd-security@freebsd.org Thu Jul 9 16:55:35 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E5E5997416 for ; Thu, 9 Jul 2015 16:55:35 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id 3DFC1364F; Thu, 9 Jul 2015 16:55:35 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from [127.0.0.1] (unknown [89.113.128.32]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPSA id 62DFE12EB; Thu, 9 Jul 2015 19:55:32 +0300 (MSK) Message-ID: <559EA77D.3080301@FreeBSD.org> Date: Thu, 09 Jul 2015 19:55:25 +0300 From: Lev Serebryakov Reply-To: lev@FreeBSD.org Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Mark Felder , freebsd-security@freebsd.org Subject: Re: FreeBSD + Yubikey NEO in OATH-HOTP mode? References: <559E9E3E.7050709@FreeBSD.org> <1436458851.3436254.319593905.74B45600@webmail.messagingengine.com> In-Reply-To: <1436458851.3436254.319593905.74B45600@webmail.messagingengine.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 16:55:35 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09.07.2015 19:20, Mark Felder wrote: >> Does somebody succeed to setup FreeBSD for usage with Yubikey >> NEO token without Yubico authentication service, with OATH-HOTP? >> > > What have you tried so far? I don't do the offline auth, but this > seems to be documented well in ykpamcfg(1) ykpamcfg(1) documents challenge-response which is for local usage, as it needs two-way communication with token. I'm trying to install security/oathtoolkit but I don't understand which parameters in user file is right for Yubikey. - -- // Lev Serebryakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJVnqd9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePoj0QAKbM+I1wj1QrkpO/hF858ga3 UsSmUffFe+veD5NzasxZfTwVflN3v1lcLHu01j2SX14ZaCBeqDbzDp1kuZ9/dK+8 94iIla7FSC8tB1Ym0esHP8l2hF+oKxJUTxIk9A5ACUbJWxaL1Ms3/5tdAP02Odw5 xnq0MmPubNw9TELJ6lISGC/fZxpIbPSg63ToLHKgBUpGfTzHkUCbeIc/2HWQmx6w Q4egsk05UqRmLmSsk7WGnqKGBtowMAhYaYEDn/6jZeIVeqdaMntMuzsa9VJPQTmu 03BNYfPWi/lsDmtk8wTbrP7GKZ4eEeq/ooHHmHWhCdHkRIIP7wy8wtswLmu0CxlM +ip5d6xlRchNeb30DBL4Q0RUeo1VC9JRK/lVv3opPzlyGX4Srbhxs7smxB8iHgw2 /tT5fPr05W0DKo78s9VCJMX7DIgK51l2kpOewLdzSrY/Vj/ybyUVlzYStMlCYGdl PTApJW0wOCLuM0s9ZnTdfH6HQiIRs0nyBLkX5SKe0yr2OR0eYWkBgLpOW9ZJ6Q3w rWYRJN2SHBaoWhpFhE/GyNnqPjI7r21OrnUXvysn9A3/56MyJ9EeYhdIxCXV+q60 75cqVp25xPDDV7RHsARlrgoR4jreX0hY5s4xo+qdcfzK/RIRAXYr2D7drPhJc2UU q0k9cTmBO23XUoZq/bwO =MwAr -----END PGP SIGNATURE-----