LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 07-25-2014, 03:24 PM   #1
Geremia
Member
 
Registered: Apr 2011
Distribution: Slackware 14.1
Posts: 226

Rep: Reputation: 5
YubiKey and Slackware


Can I do anything on Slackware with a YubiKey (e.g., login, authenticate SSH sessions, use the YubiKey for sudo or su, etc.)? In other words: Does Slackware support any sort of two-step authentication or one-time password (OTP) authentication?

Last edited by Geremia; 07-25-2014 at 03:27 PM.
 
Old 07-25-2014, 05:18 PM   #2
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,473

Rep: Reputation: 901Reputation: 901Reputation: 901Reputation: 901Reputation: 901Reputation: 901Reputation: 901Reputation: 901
http://www.yubico.com/applications/c...r-login/linux/

reading there it uses PAM, so you first have to integrate PAM (Slackware is PAM-free), then...
 
Old 07-25-2014, 05:35 PM   #3
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,291

Rep: Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708Reputation: 708
I use YubiKeys for two factor authentication on web services (instead of using Google Authenticator or text messages on a phone) and with PasswordSafe, but for actual login authentication it requires PAM. You can install/configure PAM if you want, but it isn't supported by default on Slackware. For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui. I wrote some SlackBuilds for some older versions but I haven't updated them in a while -- I may update and submit them to SBo at some point in the future but in the meantime let me know if you want them as a starting point. I haven't played with PAM to get actual login/ssh/etc. authentication working on Slackware myself. The hardest part of that would be getting PAM working -- there are simple enough instructions for getting YubiKey authentication working, but since PAM is included with basically every other distro in the world they are only half the solution on Slackware.

It should be noted that ykpers includes udev rules that will not work with Slackware's udev-182 (unless newer versions added an extra udev rule). This one does, at least in 14.0 (but I am no udev expert so it perhaps isn't as elegant as it should be):
Code:
# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

ACTION=="add|change", SUBSYSTEM=="usb", \
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111", \
  MODE="0660", GROUP="yubikey"
It would require your user to be a member of a yubikey group (which you would have to create) to use challenge-response mode.
 
2 members found this post helpful.
Old 07-26-2014, 12:10 AM   #4
Geremia
Member
 
Registered: Apr 2011
Distribution: Slackware 14.1
Posts: 226

Original Poster
Rep: Reputation: 5
Quote:
Originally Posted by T3slider View Post
For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui.
Yes, I built some packages for that back in June 2013, so I know about the YubiKey tools. I'm just not too familiar with two-factor or OTP authentication methods on Linux or, specifically, Slackware.

What about KWallet? How could I use a YubiKey to unlock a KWallet wallet so I don't have to enter a password every time it prompts me to unlock a wallet?

thanks
 
Old 07-26-2014, 02:22 PM   #5
Geremia
Member
 
Registered: Apr 2011
Distribution: Slackware 14.1
Posts: 226

Original Poster
Rep: Reputation: 5
LastPass FireFox extension better than default password manager

This isn't for Slack specifically, but for the FireFox password manager, the LastPass extension works with YubiKeys.

UPDATE: They charge to use a YubiKey! I'm uninstalling this joke plugin.

Last edited by Geremia; 07-26-2014 at 02:37 PM. Reason: added title
 
  


Reply

Tags
security, slackware, yubikey


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Two factor authentication with Yubikey for harddisk encryption with LUKS LXer Syndicated Linux News 1 07-25-2014 03:21 PM
LXer: Howto enroll and use a Yubikey with privacyIDEA LXer Syndicated Linux News 0 05-14-2014 02:20 AM
LXer: How To Do Mass Enrolling Of Yubikey With LinOTP LXer Syndicated Linux News 0 03-06-2013 11:01 PM
LXer: YubiKey Review: Next Generation Authentication LXer Syndicated Linux News 0 03-28-2012 06:40 PM
[SOLVED] Yubikey, su and /usr/bin/kupdateapplet boblikeslinux Linux - Security 3 06-17-2010 02:10 PM


All times are GMT -5. The time now is 07:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration