LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   YubiKey and Slackware (https://www.linuxquestions.org/questions/slackware-14/yubikey-and-slackware-4175512282/)

Geremia 07-25-2014 02:24 PM

YubiKey and Slackware
 
Can I do anything on Slackware with a YubiKey (e.g., login, authenticate SSH sessions, use the YubiKey for sudo or su, etc.)? In other words: Does Slackware support any sort of two-step authentication or one-time password (OTP) authentication?

ponce 07-25-2014 04:18 PM

http://www.yubico.com/applications/c...r-login/linux/

reading there it uses PAM, so you first have to integrate PAM (Slackware is PAM-free), then...

T3slider 07-25-2014 04:35 PM

I use YubiKeys for two factor authentication on web services (instead of using Google Authenticator or text messages on a phone) and with PasswordSafe, but for actual login authentication it requires PAM. You can install/configure PAM if you want, but it isn't supported by default on Slackware. For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui. I wrote some SlackBuilds for some older versions but I haven't updated them in a while -- I may update and submit them to SBo at some point in the future but in the meantime let me know if you want them as a starting point. I haven't played with PAM to get actual login/ssh/etc. authentication working on Slackware myself. The hardest part of that would be getting PAM working -- there are simple enough instructions for getting YubiKey authentication working, but since PAM is included with basically every other distro in the world they are only half the solution on Slackware.

It should be noted that ykpers includes udev rules that will not work with Slackware's udev-182 (unless newer versions added an extra udev rule). This one does, at least in 14.0 (but I am no udev expert so it perhaps isn't as elegant as it should be):
Code:

# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

ACTION=="add|change", SUBSYSTEM=="usb", \
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111", \
  MODE="0660", GROUP="yubikey"

It would require your user to be a member of a yubikey group (which you would have to create) to use challenge-response mode.

Geremia 07-25-2014 11:10 PM

Quote:

Originally Posted by T3slider (Post 5209655)
For actually setting up a YubiKey (for any use) you will need libyubikey, ykpers and yubikey-personalization-gui.

Yes, I built some packages for that back in June 2013, so I know about the YubiKey tools. I'm just not too familiar with two-factor or OTP authentication methods on Linux or, specifically, Slackware.

What about KWallet? How could I use a YubiKey to unlock a KWallet wallet so I don't have to enter a password every time it prompts me to unlock a wallet?

thanks

Geremia 07-26-2014 01:22 PM

LastPass FireFox extension better than default password manager
 
This isn't for Slack specifically, but for the FireFox password manager, the LastPass extension works with YubiKeys.

UPDATE: They charge to use a YubiKey! I'm uninstalling this joke plugin.


All times are GMT -5. The time now is 05:12 PM.