[Gllug] Does the YubiKey USB security token actually work in Linux?

James Courtier-Dutton james.dutton at gmail.com
Sat Jun 25 09:07:24 UTC 2011


On 24 June 2011 23:03, general_email at technicalbloke.com
<general_email at technicalbloke.com> wrote:
> On 24/06/11 15:18, Richard W.M. Jones wrote:
>> On Fri, Jun 24, 2011 at 02:05:24PM +0100, Robert McKay wrote:
>>> Hmm.. how does this actually work then? It seems like possibly it requires
>>> you to hand over authentication of your servers to yubikey.. like.. you
>>> install a pam module that will do a web service request to
>>>
>>> http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s
>>>
>>>
>>> in order to verify the one time password? That doesn't seem great.. I guess
>>> maybe you can run your own web service as well?
>> It definitely does not involve any handing over of authentication to
>> yubico, otherwise Fedora would not have gone for this.
>>
>> Rich.
>>
>
>
> Actually it's both, if you leave them as they ship from the factory you
> are able to use yubico's public authentication server and spare yourself
> the burden of setting up your own validation server. You can write new
> keys to them if you want to use them with your own validation server,
> it's a v.cool system.
>
> Roger

Has anyone done vulnerability analysis on the yubico?
For example, how easy is it to duplicate a key?
That being the method that recently highlighted problems with RSA
security key fobs
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list