ykpamcfg(1) | General Commands Manual | ykpamcfg(1) |
NAME¶
ykpamcfg - Manage user settings for the Yubico PAM module.SYNOPSIS¶
ykpamcfg [ -1 | -2] [-A] [-v] [-h]OPTIONS¶
- -1
- use slot 1. This is the default.
- -2
- use slot 2.
- -A action
- choose action to perform. See ACTIONS below.
- -v
- enable verbose mode.
ACTIONS¶
- add_hmac_chalresp
- The PAM module can utilize the HMAC-SHA1 Challenge-Response
mode found in YubiKeys starting with version 2.2 for offline
authentication. This action creates the initial state information with
the C/R to be issued at the next logon.
EXAMPLE¶
First, program a YubiKey for challenge response on Slot 2 :$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible ... Commit? (y/n) [n]: y $
Now, set the
current user to require this YubiKey for logon :
$ ykpamcfg -2 -v ... Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'. $
Then,
configure authentication with PAM for example like this ( make a backup
first) :
/etc/pam.d/common-auth
(from Ubuntu 10.10) :
auth required pam_unix.so nullok_secure try_first_pass auth [success=1 new_authtok_reqd=ok ignore=ignore default=die] pam_yubico.so mode=challenge-response auth requisite pam_deny.so auth required pam_permit.so auth optional pam_ecryptfs.so unwrap
BUGS¶
Report ykpamcfg bugs in the issue tracker ⟨URL: http://code.google.com/p/yubico-pam/issues/list ⟩SEE ALSO¶
The yubico-pam home page ⟨URL: http://code.google.com/p/yubico-pam/ ⟩ YubiKeys can be obtained from Yubico ⟨URL: http://www.yubico.com/ ⟩.March 2011 | yubico-pam |