[Gllug] Does the YubiKey USB security token actually work in Linux?
general_email at technicalbloke.com
general_email at technicalbloke.com
Fri Jun 24 22:03:49 UTC 2011
On 24/06/11 15:18, Richard W.M. Jones wrote:
> On Fri, Jun 24, 2011 at 02:05:24PM +0100, Robert McKay wrote:
>> Hmm.. how does this actually work then? It seems like possibly it requires
>> you to hand over authentication of your servers to yubikey.. like.. you
>> install a pam module that will do a web service request to
>>
>> http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s
>>
>>
>> in order to verify the one time password? That doesn't seem great.. I guess
>> maybe you can run your own web service as well?
> It definitely does not involve any handing over of authentication to
> yubico, otherwise Fedora would not have gone for this.
>
> Rich.
>
Actually it's both, if you leave them as they ship from the factory you
are able to use yubico's public authentication server and spare yourself
the burden of setting up your own validation server. You can write new
keys to them if you want to use them with your own validation server,
it's a v.cool system.
Roger
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list